Thus spake Roger Dingledine ([EMAIL PROTECTED]): > On Tue, Nov 28, 2006 at 06:52:29PM -0600, Mike Perry wrote: > > > bach from Germany : 212.42.236.140 > > > > Confirmed (I've found an alternate machine to do dev on, so I should > > be able to continuously scan now). Bach is self-signing certs still, > > and not just for e-gold. It is also likely the culprit as opposed to > > an upstream ISP, since the CN name is "bach". Based on this, I'm > > guessing they're not intending to stop anytime soon. > > Yuck. Actually, Peter Palfrader just pointed out that it's probably just > an iptables screw-up. "bach" is that Tor server's nickname. It looks > like he's redirecting all outgoing port 443 requests back into his ORPort. > > So, yet another instance of a non-malicious attacker. :)
Heheh, I guess this goes in the "never blame conspiracy when you can blame incompetence" column. Damn, it's so much more exciting to find malicious nodes ;) -- Mike Perry Mad Computer Scientist fscked.org evil labs
