On 13-11-10 08:04 AM, Claudio wrote:
Some months ago I encountered a situation where a user running an exit node with a publicly exposed privoxy (intentionally or not, I'm not sure) was constantly receiving a number of requests directed to advertisement networks. Fundamentally, someone is/was running an infrastructure using exposed Privoxies to perform some sort of advertisement fraud.
Privoxy has never been part of the Tor relay configuration, AFAIK. Privoxy was discontinued as part of the Tor client configuration a couple of years ago. Therefore such a phenomenon *should not* have anything to do with Tor relays.
However there may be a few rogues who run Tor exits that cache or snoop traffic or who simultaneously run other proxy services (for example misconfigured home exit nodes). The Legal FAQ gives some advice on these issues: https://www.torproject.org/eff/tor-legal-faq.html.en
It's been roughly documented also here: https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of...
Out of interest, I gave a quick look at existing relays and exits and it turns out that there are ~20 nodes exposing Privoxy on public IPs.
First things first, I'm interested to know whether there's an actual reason for doing this or if it's something discouraged.
Best,
/nex
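
For relay operators who want to confirm that their own Privoxy is not one of the publicly reachable instances discussed in this thread, the following is an added example, not part of the original messages and not Tor Project or Privoxy code. It assumes Privoxy's `listen-address` directive decides where the proxy binds and that a value with no address (for example `:8118`) binds every interface; the sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a Privoxy main config (not taken from any host in the thread).
SAMPLE_CONFIG = """\
# forward everything to the local Tor client
forward-socks5t / 127.0.0.1:9050 .
listen-address  127.0.0.1:8118
listen-address  :8118
listen-address  [::1]:8118
listen-address  192.0.2.10:8118
"""


def split_host_port(value):
    """Split a listen-address value into (host, port); host may be empty."""
    if value.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:8118
        host, _, rest = value[1:].partition("]")
        return host, rest.lstrip(":")
    if ":" not in value:                   # bare host with no port part
        return value, ""
    host, _, port = value.rpartition(":")
    return host, port


def exposed_listeners(config_text):
    """Return the listen-address values that accept connections from other hosts."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comment text
        parts = line.split()
        if len(parts) != 2 or parts[0].lower() != "listen-address":
            continue
        host, _port = split_host_port(parts[1])
        if host == "":
            findings.append(parts[1])          # no address: binds every interface
            continue
        if host.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue                       # 127.0.0.0/8 or ::1 only
        except ValueError:
            pass                               # other hostname: not provably loopback
        findings.append(parts[1])
    return findings


if __name__ == "__main__":
    for value in exposed_listeners(SAMPLE_CONFIG):
        print("listen-address reachable from other hosts:", value)
```

A non-empty result means the proxy is reachable from outside the machine unless a firewall or Privoxy's own access rules block it, so those should be checked as well.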