Opened 6 years ago

Closed 5 years ago

#8682 closed defect (fixed)

Bad exit node

Reported by: Jens
Owned by:
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: unspecified
Severity:
Keywords: bad-exit tor-auth
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I'm not sure how/where to report this properly. Sorry about that.

Yesterday, exit node 72B2CDC96A83CA3C801A122F851C1C6C8339EBDF~Unnamed presented a self-signed certificate, when I wanted to retrieve e-mail via IMAPS:
fetchmail: Fehler bei Server-Zertifikat-Überprüfung: self signed certificate in certificate chain
fetchmail: Das heißt, dass das Wurzelzertifikat (ausgestellt für /C=US/ST=Nevada/L=Newbury/O=Main Authority/OU=Certificate Management/CN=main.authority.com/emailAddress=cert@…) nicht unter den vertrauenswürdigen CA-Zertifikaten ist, oder dass c_rehash auf dem Verzeichnis ausgeführt werden muss. Details sind in der fetchmail-Handbuchseite im bei --sslcertpath beschrieben.
23734:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:985:

Tor control info:

SETEVENTS CIRC STREAM ADDRMAP
250 OK
650 STREAM 26 NEWRESOLVE 0 pop3.web.de:0 PURPOSE=DNS_REQUEST
650 STREAM 26 REMAP 0 212.227.17.177:0 SOURCE=CACHE
650 STREAM 26 SUCCEEDED 0 pop3.web.de:0
650 STREAM 26 CLOSED 0 pop3.web.de:0 REASON=DONE
650 STREAM 27 NEW 0 212.227.17.161:995 SOURCE_ADDR=127.0.0.1:58846 PURPOSE=USER
650 STREAM 27 SENTCONNECT 13 212.227.17.161:995
650 STREAM 27 REMAP 13 212.227.17.161:995 SOURCE=EXIT
650 STREAM 27 SUCCEEDED 13 212.227.17.161:995
650 STREAM 27 CLOSED 13 212.227.17.161:995 REASON=CONNRESET
GETINFO stream-status
250-stream-status=
250 OK
GETINFO circuit-status
250+circuit-status=
[...]
13 BUILT $863D45319121DE1BB4F50DE7931FEC422FBFD76E=sabotage,$38DC37A8C215C1718EB0031FB9689EA846862551~Unnamed,$72B2CDC96A83CA3C801A122F851C1C6C8339EBDF~Unnamed BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2013-04-10T18:30:27.682032
[...]

Somewhat (ca. 10min) later:
GETINFO ns/name/$72B2CDC96A83CA3C801A122F851C1C6C8339EBDF~Unnamed
250+ns/name/$72B2CDC96A83CA3C801A122F851C1C6C8339EBDF~Unnamed=
r Unnamed crLNyWqDyjyAGhIvhRwcbIM5698 76Xk96VU80WBQigeYxRxyqrjxgM 2013-04-10 14:54:31 64.237.42.140 9001 0
s Exit Fast Running Stable Valid
w Bandwidth=23300

An IP address with the same prefix is listed here: https://trac.torproject.org/projects/tor/wiki/doc/badRelays

Change History (4)

comment:1 Changed 6 years ago by arma

Looks like a duplicate of #8657?

comment:2 Changed 6 years ago by Jens

That depends on the definition of duplicate.

In any case, it might be good to have one entry point to collect bad exit node reports and to recommend that place. Moreover, a recipe of what information to collect, and how, might help. In contrast to #8657 I did not attempt to download the certificate. I guess I would try the following next time, hoping that the circuit is still in place.

torify openssl s_client -connect pop3.web.de:995 -showcerts

(I wrote IMAPS in the ticket, which was incorrect.  Apparently, I'm using POPS ;)
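
The correlation done by hand in the description (stream 27, then circuit 13, then the last hop of that circuit) can be scripted. This is an added example, not part of the ticket or of Tor's own code; the function names are hypothetical and the sample lines are copied from the control-port output in the description.

```python
import re
# Control-port lines copied from the ticket description.
STREAM_EVENTS = """\
650 STREAM 27 NEW 0 212.227.17.161:995 SOURCE_ADDR=127.0.0.1:58846 PURPOSE=USER
650 STREAM 27 SENTCONNECT 13 212.227.17.161:995
650 STREAM 27 REMAP 13 212.227.17.161:995 SOURCE=EXIT
650 STREAM 27 SUCCEEDED 13 212.227.17.161:995
650 STREAM 27 CLOSED 13 212.227.17.161:995 REASON=CONNRESET
"""
CIRCUIT_STATUS = (
    "13 BUILT $863D45319121DE1BB4F50DE7931FEC422FBFD76E=sabotage,"
    "$38DC37A8C215C1718EB0031FB9689EA846862551~Unnamed,"
    "$72B2CDC96A83CA3C801A122F851C1C6C8339EBDF~Unnamed "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL "
    "TIME_CREATED=2013-04-10T18:30:27.682032\n"
)

# "650 STREAM <stream id> <status> <circuit id> <target> ..."
STREAM_RE = re.compile(r"^650 STREAM (\d+) (\S+) (\d+) (\S+)")
# One hop of a circuit path: $<40 hex digits>, optionally =nick or ~nick.
HOP_RE = re.compile(r"^\$([0-9A-F]{40})(?:[=~](\S+))?$")

def stream_circuits(events, target):
    """Map stream ID -> circuit ID for streams attached towards `target`."""
    result = {}
    for line in events.splitlines():
        m = STREAM_RE.match(line)
        # Circuit ID 0 means the stream is not attached to a circuit yet.
        if m and m.group(4) == target and m.group(3) != "0":
            result[m.group(1)] = m.group(3)
    return result

def exit_hops(circuit_status):
    """Map circuit ID -> (fingerprint, nickname) of the last hop of BUILT circuits."""
    exits = {}
    for line in circuit_status.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "BUILT":
            m = HOP_RE.match(fields[2].split(",")[-1])
            if m:
                exits[fields[0]] = (m.group(1), m.group(2))
    return exits

def exit_for_target(events, circuit_status, target):
    """Return {stream_id: (fingerprint, nickname)} for every stream to `target`."""
    exits = exit_hops(circuit_status)
    return {sid: exits[cid]
            for sid, cid in stream_circuits(events, target).items() if cid in exits}

if __name__ == "__main__":
    print(exit_for_target(STREAM_EVENTS, CIRCUIT_STATUS, "212.227.17.161:995"))
```

The resulting fingerprint is the value to quote in a bad-relay report, together with the certificate chain captured by the openssl command above.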

comment:3 Changed 6 years ago by nickm

Keywords: bad-exit tor-auth added; bad exit removed

comment:4 Changed 5 years ago by phw

Resolution: fixed
Status: new → closed

Closing since the exit relay was given the badexit flag.
