[Rack] Tor security in Noisebridge

Andy Isaacson adi at hexapodia.org
Sat Dec 1 09:34:57 UTC 2012


On Fri, Nov 30, 2012 at 02:52:05PM -0800, James Sundquist wrote:
> I've been reading up on Tor Exit Node man-in-the-middle attacks and was
> wondering whether it has ever been addressed by the NoiseTor team.  I
> understand that Tor is designed for anonymity (not security), but I'd love
> to hear the thoughts of someone who has experience with NoiseTor.  Rack
> seems like the correct list since it relates to Network Infrastructure.

the tor@ is a better list, but whatever. :)

Noisetor doesn't modify, monitor, or record traffic on our exit node.
So we're not operating a MITM attack.

There isn't much that Noisetor can do to prevent some other exit node
from modifying, monitoring, or recording traffic.  Obviously the Tor
admins can flag exits as BadExit or similar if a MTIM is noticed, and we
support that, but it doesn't have very much to do with Noisetor.

I'm not sure what else you're supposing we might do to address possible
MITM attacks.  Anything else in particular you're thinking of?

-andy


More information about the Rack mailing list