Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-20-2011, 11:45 PM   #1
LQ Newbie
Registered: May 2011
Posts: 24

Rep: Reputation: 1
Checking Mail Through Tor and my Browser says Connection is Untrusted?

I was recently connecting securely to the website where I have my mail account, and I connected through Tor. When doing so firefox presents me with the screen saying that the connection is untrusted and it can't verify the certificate. So I cancelled.

I'm using torbutton and I turned torbutton to off and connected again with no problem. Then with torbutton on again, same thing (untrusted).

Is it possible the exit node I was going through is doing a man in the middle attack?

However later when connecting through tor I did NOT get the warning about the site being untrusted. I really don't know what exit node I was using when I got the certificate warning and what exit node I was using when I did not recieve the warning. I don't know how long I stay on the same node or how/when it changes.

Any thoughts?
Old 05-21-2011, 12:20 AM   #2
LQ Guru
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
My complete honest opinion about that.... If it worked without the Tor connection, then it did that going through only that one node, I wouldn't trust it. That is my only two cents though, and maybe someone else could explain that. But overall, I really would not trust it, and I would have change the exit node.
Old 05-21-2011, 10:03 AM   #3
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Originally Posted by newb123 View Post
Is it possible the exit node I was going through is doing a man in the middle attack?
Yes, of course that's possible.

I don't know how long I stay on the same node or how/when it changes.
I'd imagine this is covered in the documentation.
Old 05-22-2011, 09:57 PM   #4
Registered: Nov 2010
Distribution: Kubuntu 10.4
Posts: 46

Rep: Reputation: 16
Too bad you don't remember which exit node it was, it would help. Yeah, it could be a compromised exit node trying to perform a mitm attack. It would be interesting to see that certificate. Anyway, there are two things that you can do to avoid this in the future.

First, install the Certificate Patrol add-on for Firefox
It stores the certificates from every site you visit and checks to see if they change before the expiration date. You will get a lot of notifications about cert changes but its almost always benign. I suggest you install that in every Firefox profile you use as its a very helpful add-on in general.

Secondly, compromised "bad" nodes are a bit common actually. There's a tor hidden service called InspecTor that checks nodes for bad versions, javascript injections, sql injections, replacing https links for http etc. http://xqz3u5drneuzhaeo.onion/users/badtornodes/
To protect against exit nodes like that you can select the set of bad nodes you want depending on how paranoid you are, create an ExcludeNodes text block with their fingerprints and edit your torrc file to avoid using them as exit nodes permanently.

Be aware that ExcludeNodes and ExcludeExitNodes are different options in the torrc file. ExcludeNodes will completely avoid using them in any part of the chain be it entry node, middle or exit. ExcludeExitNodes just excludes them from being used as exit nodes. Your choice.

If you find a strange node again you can report it to InspecTor to make the Tor network a little bit better. Hope this helps.
Old 05-23-2011, 06:55 AM   #5
LQ Newbie
Registered: May 2011
Posts: 24

Original Poster
Rep: Reputation: 1
Thanks for the information katto!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Checking mail seprob Linux - Server 2 01-03-2010 09:19 AM
checking mail for particular user gvanto Linux - Newbie 1 12-18-2009 11:49 AM
TOR: traffic between my workstation TOR entry point really not encrypted..? john99 Incognito 3 11-11-2009 02:06 AM
LXer: Electronic Spy Network - A TOR Connection? LXer Syndicated Linux News 2 03-31-2009 02:36 PM
Tor & Privoxy do other use my connection Mojojo Linux - Networking 3 06-04-2006 03:38 PM

All times are GMT -5. The time now is 02:45 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration