
As of January 2014, the Tor anonymity network consists of roughly 5,000 relays, of which almost 1,000 are exit relays. As the diagram to the right illustrates, exit relays bridge the gap between the Tor network and the “open” Internet. Tor's layered encryption ends at the exit relay, so an exit relay sees the traffic of Tor clients as the destination would see it: anonymised, but readable and modifiable unless it is protected end-to-end, for example by TLS or SSH.

While most exit relays are innocuous and run by well-meaning volunteers, there are exceptions: in the past, some exit relays were documented to have sniffed and tampered with relayed traffic. The attacks that were exposed were mostly HTTPS man-in-the-middle (MitM) and SSL stripping.

In this research project, we are monitoring all exit relays for several months in order to expose, document, and thwart malicious or misconfigured relays. In particular, we monitor exit relays with a fast and modular scanner that we developed specifically for that purpose. Since September 2013, we have discovered several malicious or misconfigured exit relays, which are listed below. These exit relays engaged in various attacks such as SSH and HTTPS MitM, HTML injection, and SSL stripping. We also found exit relays that were unintentionally interfering with network traffic because they were subject to DNS censorship.

This project is funded by a research grant provided by Internetfonden. Previous work of ours investigated how Tor is blocked and how censorship can be circumvented.


In January 2014, we published a technical report which discusses our first findings. The report is available below.


The following table contains all malicious or misconfigured exit relays we discovered since September 2013. The columns show a relay's truncated fingerprint, its IP address (or address block), its country, the attack or misconfiguration, its advertised bandwidth, when it was first active, and when we discovered it. For a more detailed analysis of all attacks, please refer to our research paper.

Update 2014-01-21: We should explain what our findings actually mean for Tor users. While the list below might appear scary, it is important to understand that these are merely 25 out of more than 1,000 relays over four months! In fact, the exact number of benign relays during that time remains an open question, as we didn't determine the churn rate. Either way, it is a very small fraction, which means that Tor users are not likely to encounter many such relays “in the wild”. Furthermore, Tor's path selection algorithm weights relays by bandwidth and so prefers faster relays over slower ones. Many of the relays listed below contributed little bandwidth, which makes them even less likely to be chosen as exit relay. And even if you, as a user, happen to select a malicious exit relay, it doesn't mean that everything is lost. Tor Browser ships with extensions such as HTTPS Everywhere which are able to foil some HTTPS-based attacks: forcing HTTPS for sites with a rule defeats SSL stripping, although it does not help against a MitM that presents a forged certificate you accept. Finally, all of the attacks we found are of course not limited to the Tor network. You might very well be more exposed to these attacks on any public WiFi.

Fingerprint  IP address        Country    Attack             Bandwidth  First active  Discovery
F8FD29D0     176.99.12.246     Russia     HTTPS MitM         7.16 MB/s  2013-06-24    2013-07-13
8F9121BF     64.22.111.168/29  US         HTTPS MitM         7.16 MB/s  2013-06-11    2013-07-13
93213A1F     176.99.9.114      Russia     HTTPS MitM         290 KB/s   2013-07-23    2013-09-19
05AD06E2     92.63.102.68      Russia     HTTPS MitM         5.55 MB/s  2013-08-01    2013-09-19
45C55E46     46.254.19.140     Russia     SSH & HTTPS MitM   1.54 MB/s  2013-08-09    2013-09-23
CA1BA219     176.99.9.111      Russia     HTTPS MitM         334 KB/s   2013-09-26    2013-10-01
1D70CDED     46.38.50.54       Russia     HTTPS MitM         929 KB/s   2013-09-27    2013-10-14
EE215500     31.41.45.235      Russia     HTTPS MitM         2.96 MB/s  2013-09-26    2013-10-15
12459837     195.2.252.117     Russia     HTTPS MitM         3.45 MB/s  2013-09-26    2013-10-16
B5906553     83.172.8.4        Russia     HTTPS MitM         850 KB/s   2013-08-12    2013-10-16
EFF1D805     188.120.228.103   Russia     HTTPS MitM         287 KB/s   2013-10-23    2013-10-23
229C3722     121.54.175.51     Hong Kong  SSL stripping      106 KB/s   2013-06-05    2013-10-31
4E8401D7     176.99.11.182     Russia     HTTPS MitM         1.54 MB/s  2013-11-08    2013-11-09
27FB6BB0     195.2.253.159     Russia     HTTPS MitM         721 KB/s   2013-11-08    2013-11-09
0ABB31BD     195.88.208.137    Russia     SSH & HTTPS MitM   2.3 MB/s   2013-10-31    2013-11-21
CADA00B9     5.63.154.230      Russia     HTTPS MitM         187 KB/s   2013-11-26    2013-11-26
C1C0EDAD     93.170.130.194    Russia     HTTPS MitM         838 KB/s   2013-11-26    2013-11-27
5A2A51D4     111.240.0.0/12    Taiwan     HTML injection     182 KB/s   2013-11-23    2013-11-27
EBF7172E     37.143.11.220     Russia     SSH MitM           4.34 MB/s  2013-11-15    2013-11-27
68E682DF     46.17.46.108      Russia     SSH & HTTPS MitM   60 KB/s    2013-12-02    2013-12-02
533FDE2F     62.109.22.20      Russia     SSH & HTTPS MitM   896 KB/s   2013-12-06    2013-12-08
E455A115     89.128.56.73      Spain      SSL stripping      54 KB/s    2013-12-17    2013-12-18
02013F48     117.18.118.136    Hong Kong  DNS censorship     538 KB/s   2013-12-22    2014-01-01
2F5B07B2     178.211.39        Turkey     DNS censorship     204 KB/s   2013-12-28    2014-01-06
4E2692FE     24.84.118.132     Canada     OpenDNS blocking   52 KB/s    2013-12-21    2014-01-06

Our exit relay scanner exitmap is freely available under the GPLv3 license. It is written in pure Python and makes use of the library Stem. The scanner comes with some modules included but if you decide to write your own module, please contact us so we can include it in the main repository. Note that if your module makes use of standalone tools such as OpenSSH, you will need to use our patch for torsocks. You can get a copy of exitmap from GitHub:

git clone https://github.com/NullHypothesis/exitmap.git
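To make concrete what a scanner module has to decide for the three kinds of interference listed above (HTTPS MitM, SSL stripping, DNS tampering), here is an added example written for this page. It is not exitmap's own code and does not use its module API: it runs the comparison logic over constructed observations standing in for what a module would record through each exit. The exit fingerprints, host names, addresses and certificate bytes are all made up.

```python
import hashlib
import re
from typing import Dict, List, Optional, Set


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-1 fingerprint of a DER-encoded certificate, colon-separated."""
    digest = hashlib.sha1(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_https_mitm(reference_der: bytes, observed_der: Optional[bytes]) -> str:
    """Compare the certificate seen through an exit with the one seen directly.

    A MitM exit has to present its own certificate, so the fingerprints
    differ. None means the TLS handshake through the exit failed entirely.
    """
    if observed_der is None:
        return "no-tls"
    if cert_fingerprint(observed_der) == cert_fingerprint(reference_der):
        return "ok"
    return "mitm"


# Matches the host/path part of https:// links in an HTML body.
HTTPS_LINK = re.compile(r'https://([^\s"\'<>]+)')


def check_ssl_stripping(reference_html: str, observed_html: str) -> List[str]:
    """Return https links of the reference page that came back as plain http."""
    stripped = []
    for target in set(HTTPS_LINK.findall(reference_html)):
        if ("http://" + target) in observed_html and ("https://" + target) not in observed_html:
            stripped.append(target)
    return sorted(stripped)


def check_dns(reference_ips: Set[str], observed_ips: Set[str]) -> str:
    """Flag resolution results that share no address with the reference set.

    Only a lead, not proof: hosts behind CDNs legitimately resolve to
    different addresses from different vantage points.
    """
    if not observed_ips:
        return "nxdomain"
    if observed_ips & reference_ips:
        return "ok"
    return "mismatch"


# Constructed reference data, as recorded over a direct (non-Tor) connection.
# The DER bytes are placeholders, not a real certificate.
REFERENCE = {
    "der": b"placeholder DER for login.example.net",
    "html": '<a href="https://login.example.net/">Log in</a>'
            '<img src="http://static.example.net/logo.png">',
    "ips": {"203.0.113.10", "203.0.113.11"},
}

# Constructed observations keyed by made-up exit fingerprint, standing in for
# what a scanner module would record through each exit.
OBSERVATIONS = {
    "AAAAAAAA": {"der": REFERENCE["der"], "html": REFERENCE["html"], "ips": {"203.0.113.11"}},
    "BBBBBBBB": {"der": b"placeholder DER from a MitM proxy", "html": REFERENCE["html"],
                 "ips": {"203.0.113.10"}},
    "CCCCCCCC": {"der": REFERENCE["der"],
                 "html": '<a href="http://login.example.net/">Log in</a>'
                         '<img src="http://static.example.net/logo.png">',
                 "ips": {"203.0.113.10"}},
    "DDDDDDDD": {"der": REFERENCE["der"], "html": REFERENCE["html"], "ips": set()},
}


def scan_exit(exit_fpr: str) -> Dict[str, object]:
    """Run all three checks against what was observed through one exit."""
    obs = OBSERVATIONS[exit_fpr]
    return {
        "https": check_https_mitm(REFERENCE["der"], obs["der"]),
        "stripped": check_ssl_stripping(REFERENCE["html"], obs["html"]),
        "dns": check_dns(REFERENCE["ips"], obs["ips"]),
    }


def suspicious_exits() -> List[str]:
    """Fingerprints whose observations fail at least one check."""
    flagged = []
    for fpr in sorted(OBSERVATIONS):
        verdict = scan_exit(fpr)
        if verdict["https"] != "ok" or verdict["stripped"] or verdict["dns"] != "ok":
            flagged.append(fpr)
    return flagged


if __name__ == "__main__":
    for fpr in sorted(OBSERVATIONS):
        print(fpr, scan_exit(fpr))
```

The certificate comparison is the same idea as the multi-circuit verification in the Torbutton patches below: if the same certificate arrives through several independent circuits, no single exit can be swapping it. The DNS check deliberately only reports a mismatch; whether that is censorship, a filtering resolver, or just a CDN answering differently has to be established by hand.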

Our Torbutton patches are also available on GitHub. Please note that the patches are highly experimental and should only be understood as proof of concept. As a result, the code is incomplete and not safe for practical use.

git clone -b multicircuit_verification https://github.com/NullHypothesis/torbutton.git

You can contact Philipp using <philipp.winter@kau.se>. Please consider using OpenPGP with this public key. You can also contact Stefan using <stefan.lindskog@kau.se>.


Last updated: 2014-01-20