Tor Misconfiguration can Expose Hidden IP Address

[AlphaAtlas]

Security Researcher Yonathan Klijnsma discovered a vulnerability in many sites on the anonymized Tor network. These sites are configured to listen to any IP address, allowing the RiskIQ web-crawling service to identify the servers' IP addresses through SSL certificates. As he publicly exposed the IPs of several .onion sites, users on Twitter accused Klijnsma of attacking the Tor service. Klijnsma responded by saying he's trying to secure the Tor network, not sabotage it, and that Tor websites should be properly configured to "only listen on 127.0.0.1."


When asked how often he sees misconfigured servers that expose their public IP address, he told us that it is quite common. "Continuously. I'm not even kidding. Some don't listen on http/https, so I don't know what they are, but they have onion addresses and live on both clear and dark web." Klijnsma told BleepingComputer.

 

[Schtask]

Nicely done Alpha.

 

[arnemetis]

I thought it was common knowledge by now that the Tor network is entirely untrustworthy? Who's even using it anymore?

 

[Schtask]

I thought it was common knowledge by now that the Tor network is entirely untrustworthy? Who's even using it anymore?

Malware uses it quite a bit. lol

 

[ZeqOBpf6]

I thought it was common knowledge by now that the Tor network is entirely untrustworthy? Who's even using it anymore?

any more info?

 

[Schtask]

any more info?

Yeah. Nation states and threat actors can monitor exit and entrance nodes and stitch the data together. Not so secure after that. Amongst other things.