On 02/24/2011 07:27 AM, Olaf Selke wrote:
> On 24.02.2011 08:45, grarpamp wrote:
>
>> There is NO way to detect passive monitoring unless you have access
>> to the monitor.
> for each exit node I can set up a unique decoy email account on a
> machine controlled by myself, access it over unencrypted pop or imap
> sessions thru Tor and wait for a second login from a rogue exit operator
> trying to steal my mails. That's no rocket science.
>

It isn't, but nor is just passively capturing and just using what's captured. There is no law of sniffing that says the person sniffing HAS to take the bait every time. If he is content to just get what comes over his wire and stick with that.... he still gets whatever emails that you downloaded.

It also doesn't prove that the operator was complicit. That the sniffing was happening along a path between only one node and your email server doesn't actually prove that it was happening at the node. Admittedly, with the sort of exit policies that started all this, it would be quite a preponderance of evidence but still not hard proof. Though, given the relative innocuousness of being on the bad exits list, hell.... it's hard to say definite proof is needed.

This would actually be quite an interesting test. Anyone taking bets on how many nodes lead to compromised account passwords? I am guessing at least a handful, maybe as many as a dozen?

Of course, an operator with multiple bad nodes might notice if you used the same server/account with different passwords over a short period of time. Might need to vary servers/accounts a bit to be really thorough.... but... that is probably overkill.
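The decoy-account check discussed in this thread, as an added example that is not part of the original messages: it scans the auth log of a mail server you control for any successful decoy login other than your own planted session. The exit names, account names, addresses and log format are constructed assumptions, and the result is worded to match the caveats above: a hit points at the path through an exit, and no hit is not a clean bill of health.

```python
from datetime import datetime, timedelta

# Constructed registry: one unique decoy account per exit, used exactly once.
DECOYS = {
    "decoy-7f3a": ("ExitAlpha", datetime(2011, 2, 24, 10, 0, 0)),
    "decoy-c912": ("ExitBravo", datetime(2011, 2, 24, 10, 5, 0)),
    "decoy-04be": ("ExitCharlie", datetime(2011, 2, 24, 10, 10, 0)),
}

# Constructed auth log from the mail server we control (line format is an assumption).
SAMPLE_LOG = """\
2011-02-24T10:00:02 pop3 login user=decoy-7f3a src=192.0.2.10 result=ok
2011-02-24T10:05:01 imap login user=decoy-c912 src=192.0.2.20 result=ok
2011-02-24T10:10:03 pop3 login user=decoy-04be src=192.0.2.30 result=ok
2011-02-26T03:14:45 pop3 login user=decoy-c912 src=198.51.100.7 result=ok
2011-02-27T22:40:00 imap login user=nobody src=203.0.113.9 result=fail
"""

PLANT_WINDOW = timedelta(seconds=30)  # tolerance for matching our own planted login


def parse(line):
    """Split one log line into (timestamp, dict of key=value fields)."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[3:])
    return datetime.fromisoformat(parts[0]), fields


def find_reuse(log_text, decoys=DECOYS):
    """Return successful decoy logins that are not our own planted session."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, f = parse(line)
        entry = decoys.get(f.get("user"))
        if entry is None or f.get("result") != "ok":
            continue
        exit_name, planted = entry
        if abs(when - planted) <= PLANT_WINDOW:
            continue  # our own login through that exit
        # Evidence of capture somewhere on the path through this exit,
        # not proof that the exit operator did it.
        hits.append({"exit_path": exit_name, "user": f["user"],
                     "src": f["src"], "when": when})
    return hits


def summarize(log_text, decoys=DECOYS):
    """Map each exit to 'reused' or 'no evidence' (silence does not mean clean)."""
    flagged = {h["exit_path"] for h in find_reuse(log_text, decoys)}
    return {name: ("reused" if name in flagged else "no evidence")
            for name, _ in decoys.values()}
```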
