[liberationtech] Tor Exit Nodes Mapped and Located | HackerTarget.com

Sun Mar 10 11:32:20 PDT 2013

http://hackertarget.com/tor-exit-node-visualization/

Tor Exit Nodes Located and Mapped

Tor Exit Nodes are the gateways where encrypted Tor traffic hits the
Internet. This means an exit node can be abused to monitor Tor traffic
(after it leaves the onion network). It is in the design of the Tor
network that locating the source of that traffic through the network
should be difficult to determine. However if the exit traffic is
unencrypted and contains identifying information then an exit node can
be abused.

The torproject therefore is dependent on a diverse and wide range of
exit nodes. This update to an older page is where I attempt to display
the exit nodes diversity in a Google map with Geolocation. The map was
built using Google Maps API v3, with Marker Clusterer.

The majority of exit nodes are likely not monitored and are “safe”,
they are managed by good Internet citizens who believe in the aims of
the Tor project. However even a handful of bad nodes could be a threat
as exit nodes are periodically changed as you use the Tor network.
Understand the Technology, Understand the Risks

Use of the Tor Project by activists and Human Rights Defenders can be
a valuable tool in avoiding surveillance; however you should always
have a good understanding of the risks and keep your traffic encrypted
end to end, as any of these exit nodes could be watching your traffic
flows.

At the most basic level unless you are using encrypted protocols
(HTTPS / SSH / TLS), the Tor traffic could be monitored. Here are two
simple examples:

- Using a forum that does not use HTTPS your login, password, session
cookie and posts could all be captured.
- If you send an email using SMTP (no TLS) then the email could be intercepted.
- To gain an understanding of the technology the Tor Project website
is the best place to start.

Tor Exit Nodes Geo-Located on a Google Map

These nodes are from February 27, I am working on scripting this up so
that it is updated daily with the latest list of exit nodes. The list
was downloaded from Blutmagie in csv format. Geolocation was performed
against the IP addresses using the Free GeoIP API which seemed to have
better coverage than MaxMind Geocities Lite.

>From the map it is clear to see the high concentration of Tor exit
nodes within Europe, once you start to zoom in and see the European
nodes it is clear there is quite a spread of locations where the Tor
nodes are operating.

Taking a closer look at the Internet Providers

Using the Shadowserver Whois service I also mapped the Tor exit node
IP addresses against the ASN and Netblock.

The Internet service providers from the chart are the top 25 with the
highest concentrations of Tor exit nodes.

In this post I have touched on some of the security threats and
benefits of the Tor network. I encourage anyone intending to use the
Tor network, to do some solid research around Operational security. If
you are using Tor to bypass a proxy you should understand the risks to
your traffic. If you are an activist using Tor to avoid monitoring by
oppressive regimes, you really need to have a solid understanding of
the technology, without knowing the threats you are putting yourself
and perhaps others at risk.