Tuesday, September 11, 2007 9:28 AM cmosby

SANS Internet Storm Center - TOR - sniffing exit nodes

 

TOR - sniffing exit nodes

Published: 2007-09-11,
Last Updated: 2007-09-11 12:51:18 UTC
by Swa Frantzen (Version: 1)

The (IT) press is buzzing somewhat with attacks against the onion router (TOR).
The problem is lies in an atack performed and used to gain access to mailboxes by creating and sniffing the unencrypted side of some Tor exit nodes.

From a technical perspective these attacks are known and documented in e.g. the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers

Tor -tries to- provide anonymity. Anonymity and security are two different beasts. When passing unencrypted traffic (such as POP3, IMAP etc) you are basically not only handing the malicious Tor exit node the contents of your email, but also -in many cases- the keys (login and password) to your mailbox.

--
Swa Frantzen -- NET2S

Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

Filed under: , ,

Comments

No Comments