Flushing out MITM attacks in the TOR network
After a few news sites picked up the entries on the suspicious TOR nodes, I’ve had a few queries on the issue. While it is very easy to detect TOR nodes that are blindly doing MITM attacks on every SSL encrypted connection, targeted attacks are a _lot_ harder to find. Basically, to detect a TOR node that targets a special site for MITM attacks, I’d need to know the exact IP address(es) of the target to be able to check the nodes.
I’ve got a few more ideas on how to improve the tool I have to make a few other checks on TOR nodes, but it’ll take some time before I can implement them.
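The difference between blanket and targeted interception, as an added example that is not the author's tool: it compares certificate fingerprints seen through each exit node with a trusted baseline and shows why a targeted node looks clean unless the probe list contains its target. The node names, addresses (documentation ranges) and fingerprints are constructed, and `classify_exits` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed baseline: certificate fingerprints seen for each target address
# from trusted direct connections. A set per target, because a site may
# legitimately serve more than one valid certificate.
BASELINE = {
    "192.0.2.10": {"aa11", "aa12"},
    "198.51.100.7": {"bb21"},
    "203.0.113.5": {"cc31"},
}

# Constructed probe results: (exit node, target address, fingerprint seen via exit).
OBSERVATIONS = [
    ("exitA", "192.0.2.10", "aa12"), ("exitA", "198.51.100.7", "bb21"),
    ("exitA", "203.0.113.5", "cc31"),
    ("exitB", "192.0.2.10", "ee01"), ("exitB", "198.51.100.7", "ee02"),
    ("exitB", "203.0.113.5", "ee03"),
    ("exitC", "192.0.2.10", "aa11"), ("exitC", "198.51.100.7", "ff99"),
    ("exitC", "203.0.113.5", "cc31"),
]

def classify_exits(observations, baseline, probe_targets=None):
    """Label each exit 'clean', 'blanket' or 'targeted' from certificate mismatches.

    probe_targets restricts the verdict to the targets that were actually
    probed; None means every observed target counts.
    """
    probed = defaultdict(set)
    mismatched = defaultdict(set)
    for exit_id, target, seen in observations:
        if probe_targets is not None and target not in probe_targets:
            continue
        if target not in baseline:
            continue  # no trusted reference, so no verdict for this target
        probed[exit_id].add(target)
        if seen not in baseline[target]:
            mismatched[exit_id].add(target)
    verdicts = {}
    for exit_id, targets in probed.items():
        bad = mismatched[exit_id]
        if not bad:
            verdicts[exit_id] = ("clean", [])
        elif bad == targets and len(targets) > 1:
            verdicts[exit_id] = ("blanket", sorted(bad))
        else:
            # Some, but not all, probed targets mismatch (or only one was probed).
            verdicts[exit_id] = ("targeted", sorted(bad))
    return verdicts
```

With all three targets probed, `exitC` is flagged for `198.51.100.7` only; drop that address from `probe_targets` and the same node is reported clean, while `exitB` is caught by any probe set.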