me@eugenemolotov.ru wrote:
Make a "trap" ssh server (for example on a VirtualBox machine without any sensitive data) and log in to it through tsocks. After that, check which IP it was logged in from. This would probably be the IP of the exit node.
What if they "bridge" mitm-ed traffic to a different host?
I saw a similar ssh warning a few weeks ago but I wasn't prepared to identify the bad exit. I set SafeLogging to 0 and I will enable debugging via SIGUSR2 next time this happens. Can someone confirm whether it's a good way of identifying bad exits?