Re: Analyzing TOR-exitnodes for anomalies

2006-10-08 Thread Claude LaFrenière
Hi *Taka Khumbartha* : > Claude LaFrenière @ 2006/10/06 12:24: >> For the moment nothing proves that any exit nodes are responsible for this. >> We have to do something based on facts not fears... >> > > How about this then? when navigating to www.ezboard.com the proper page > is loa

Re: Analyzing TOR-exitnodes for anomalies

2006-10-08 Thread Taka Khumbartha
Claude LaFrenière @ 2006/10/06 12:24: > For the moment nothing proves that any exit nodes are responsible for this. > We have to do something based on facts not fears... > How about this then? when navigating to www.ezboard.com the proper page

Re: Analyzing TOR-exitnodes for anomalies

2006-10-07 Thread bagelcat
yes. I have made more tests and seen via vidalia, that the advertising pages came up when the exit node uses the dns-server NS1 or NS2.oversee.net (mostly 204.13.161.20 seen). I've made a break now for myself in privoxy, reconfigure it to use socks4 forwarding instead of 4a. So I have to live

Re: Analyzing TOR-exitnodes for anomalies

2006-10-07 Thread Tim McCormack
Jan Stolzenburg wrote: > Hello, > I don't have Vidalia, so I wasn't able to find out which exit-node I > used, but I found something really interesting. "wiki.noreply.org" > and "wiki.ubuntuusers.de" got replaced by > "http://wiki.noreply.org/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_

Re: Analyzing TOR-exitnodes for anomalies

2006-10-07 Thread Jan Stolzenburg
Hello, I don't have Vidalia, so I wasn't able to find out which exit-node I used, but I found something really interesting. "wiki.noreply.org" and "wiki.ubuntuusers.de" got replaced by "http://wiki.noreply.org/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_id%3d1637%26domainname%3dnoreply.

Re: Analyzing TOR-exitnodes for anomalies

2006-10-07 Thread clifnor
Yesterday, I linked to Slashdot and got a bogus page in German. Restarting my Tor client (i.e., getting a new set of circuits) got me to the real Slashdot page. ??? Clifnor

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread George Shaffer
On Thu, 2006-10-05 at 11:41, Alexander W. Janssen wrote: > OK, well, i checked that whistlersmother as well and got this picture: > http://cjoint.com/data/kfr4jmDAsY.htm I've read or skimmed the entire thread which seems to have ended midday Thu, 10-5. Friday morning I clicked on a Cnet newslette

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Tim McCormack
bagelcat wrote: > ok i have played now for more than half an hour with nonsense > domainnames. every time the connection goes through an exit node located > in texas, one time in the state new york and one time in denver i have > got the advertising page. I remember something about a major DNS ser

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread M
>> How can I see which exit node is using? > > Check this with Vidalia ... Thanks for the info. >> I think that badly behaving exit nodes should be excluded automagically. >> How, I don't know =). > > For the moment nothing proves that any exit no

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread missi
Maybe a problem with a DNS server? Greetz Missi Just now (on 6. 10. 2006 at 22:26) you typed: > ok i have played now for more than half an hour with nonsense > domainnames. every time the connection goes through an exit node > located in texa

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread bagelcat
ok i have played now for more than half an hour with nonsense domainnames. every time the connection goes through an exit node located in texas, one time in the state new york and one time in denver i have got the advertising page. maybe it will be a nice test, that someone using the same

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread bagelcat
I've got this strange behavior also now several times when using tor. Always there is a redirect with "landing.domainsponsor.com" which has the registrar Oversee.net. A self-description of that company: "Oversee.net is a technology-driven media company that delivers innovative advertising s

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi *M* : > How can I see which exit node is using? Check this with Vidalia ... > > http://www.debian-administration.org/ was mutilated by exit node into > something similar that you are reporting. Quite alarming trend. Please let us remain calm like Norwegian sailors in the storm. > >

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi *Robert Hogan* : > On Friday 06 October 2006 19:21, Robert Hogan wrote: >>> Hmmm... I had this problem with Whistlemother exit node and this site: >>> http://www.iamaphex.net with the same >>> "frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com "blah blah blah" >>> filter ... =SUSPECTED+UND

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Robert Hogan
On Friday 06 October 2006 19:21, Robert Hogan wrote: > > Hmmm... I had this problem with Whistlemother exit node and this site: > > http://www.iamaphex.net with the same > > "frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com "blah blah blah" > > filter ... =SUSPECTED+UNDESIRABLE+BOT" > > i have t

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Robert Hogan
> > Hmmm... I had this problem with Whistlemother exit node and this site: > http://www.iamaphex.net with the same > "frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com "blah blah blah" > filter ... =SUSPECTED+UNDESIRABLE+BOT" > i have the same experience using whistlersmother for the same site.

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread M
Hi How can I see which exit node is using? http://www.debian-administration.org/ was mutilated by exit node into something similar that you are reporting. Quite alarming trend. I think that badly behaving exit nodes should be excluded automagically.

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi *Stephen* : > Greetings! > > Been experiencing this particular issue since Sunday & following the topic > here. > > From 05-Oct: > > exiting from hotmail account > > redirected link: > http://g.msn.com/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_id%3d1637%26domainname%3dmsn

Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Stephen
Greetings! Been experiencing this particular issue since Sunday & following the topic here. From 05-Oct: exiting from hotmail account redirected link: http://g.msn.com/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_id%3d1637%26domainname%3dmsn.com%26adultfilter%3doff%26popunder%3doff

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Alexander W. Janssen
Hi Claude! On Thu, Oct 05, 2006 at 11:29:22AM -0400, Claude LaFrenière wrote: > Got it ! Aha? I'm still scanning with no result so far, although i found a couple of exitnodes which have misconfigured local proxies... [...snip...] OK, well, i checked that whistlersmother as well and got this pic

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Claude LaFrenière
Hi *Alexander W. Janssen* : Got it ! I was going to this web site: http://www.iamaphex.net (This is the web site for Torcap, a program to socksify application in Windows O.S.) with the exit node exit node: whistlermother Info: http://node2.xenobite.eu/torstat.php 1195whistlersmother

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Alexander W. Janssen
On Thu, Oct 05, 2006 at 09:31:47PM +0800, Deephay wrote: > Also, the logo "linux-magazine.com what you need, when you > need it" is an image or just text? Exactly the same page is at http://www.wdr.tv/. The content of that page is (gathered with tcpdump): http://searchportal.information.com/?a_id

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Deephay
- I started a little investigation if there are any obviously > bogus exitnodes in the wild: > > http://itnomad.wordpress.com/2006/10/04/analyzing-tor-exitnodes-for-anomalies/ > > I welcome you to start your own investigation; if there are really bogus > exitnodes we should be aware o

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Claude LaFrenière
Hi *glymr* : > I am not adding anything useful, but I wish to add my feeling about this > situation that people are so rapidly responding to a threat so early. > > :) tor will never die if people like you all are on it. (which reminds > me i've blathered about writing a dns proxy patch for to

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Claude LaFrenière
Hi *Alexander W. Janssen* : > On Wed, Oct 04, 2006 at 08:45:03PM -0400, Claude LaFrenière wrote: >> Hmmm... Bogus exit nodes or bogus DNS servers ? > > One or the other way, brute forcing my way through all exit-nodes should > reveal it. Hopefully... This is a lot a job. May be a very long i

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread BlueStar88
Currently i'm improving my torstat page to mark nodes with bad http-behavior, using automatic http-throughput comparison of every http-servicing exit-node against a reference exit-node. Then it's up to the users to add an ExcludeNodes statement in torrc using this information. Greets Alexand

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread Alexander W. Janssen
On Wed, Oct 04, 2006 at 08:45:03PM -0400, Claude LaFrenière wrote: > Hmmm... Bogus exit nodes or bogus DNS servers ? One or the other way, brute forcing my way through all exit-nodes should reveal it. Hopefully... > Is it possible that the strange side effects come, not from the exit nodes > th

Re: Analyzing TOR-exitnodes for anomalies

2006-10-05 Thread glymr
e investigation if there are any obviously >> bogus exitnodes in the wild: >> >> http://itnomad.wordpress.com/2006/10/04/analyzing-tor-exitnodes-for-anomalies/ >> >> I welcome you to start your own investigation; if there are really bogus >> exitnodes we should be a

Re: Analyzing TOR-exitnodes for anomalies

2006-10-04 Thread Claude LaFrenière
s exitnodes in the wild: > > http://itnomad.wordpress.com/2006/10/04/analyzing-tor-exitnodes-for-anomalies/ > > I welcome you to start your own investigation; if there are really bogus > exitnodes we should be aware of those and we should know their node's nickname > to put

RE: Analyzing TOR-exitnodes for anomalies

2006-10-04 Thread Chris Willis
configure & let er run. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander W. Janssen Sent: Wednesday, October 04, 2006 9:33 AM To: or-talk@freehaven.net Subject: Analyzing TOR-exitnodes for anomalies Hi all, considering that I heard from

Analyzing TOR-exitnodes for anomalies

2006-10-04 Thread Alexander W. Janssen
/04/analyzing-tor-exitnodes-for-anomalies/ I welcome you to start your own investigation; if there are really bogus exitnodes we should be aware of those and we should know their node's nickname to put them on a shitlist. This might lead to an escalation in the future when marketeers realiz