Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: TOR - sniffing exit nodes - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TOR - sniffing exit nodes

The (IT) press is buzzing somewhat with attacks against the onion router (TOR).
The problem is lies in an atack performed and used to gain access to mailboxes by creating and sniffing the unencrypted side of some Tor exit nodes.

From a technical perspective these attacks are known and documented in e.g. the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers

Tor -tries to- provide anonymity. Anonymity and security are two different beasts. When passing unencrypted traffic (such as POP3, IMAP etc) you are basically not only handing the malicious Tor exit node the contents of your email, but also -in many cases- the keys (login and password) to your mailbox.

--
Swa Frantzen -- NET2S

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!