1

A normal Tor chain is like this:

Client -> Tor Node -> Tor Node -> Tor Exit Node -> Server

Is it possible to have this schema (two chains):

Client -> Tor Node -> Tor Node -> Tor Exit Node (Sniffer) -> Tor Node -> Tor Node -> Tor Exit Node -> Server

Could you explain why it is a yes or a no?

I know that there is a Tor Exit Node List, but is it exhaustive? Is each exit node verified to be a real exit node?

EDIT

My question is about exit nodes and not the chain length. Exit nodes see unencrypted data so they can send it to the server. Can an attacker who hosts the exit node sniff the data at this step, and not send it to the server directly but use a new Tor chain in order to be totally anonymous?

yeska

1 Answer

2

There wouldn't really be any benefit to the attacker sniffing the exit traffic and then routing it over Tor again. Theoretically it would be possible. They can run an exit node, and configure their system to then tunnel all outbound traffic through another Tor client using SOCKS. This wouldn't make them more "anonymous" in this attack. If anything, it'd potentially draw more attention to their exit because the final exit IP address would be different from the exit node in your circuit.

When your Tor client builds a circuit, you can see the entry, middle, and exit nodes your traffic will pass through and get the IP addresses of each of them including the exit node.

Assuming that someone was doing this, you could easily test it by going to a website that tells you your IP address, and if it shows an address that doesn't belong to the exit node for your circuit, something weird is going on.

Keep in mind, the exit node can only see unencrypted traffic that passes through it. If you visit an HTTPS site over TLS, or connect to an encrypted service like SSH, the exit can only see encrypted traffic and will not be able to decrypt it.

drew010
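The check described in the answer above, as an added example that is not part of the original answer: it compares the IP address a website reports with the addresses recorded for your circuit's exit relay. It assumes the `ExitNode` / `ExitAddress` line format of the exit-address list published by the Tor Project; the fingerprints, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed fingerprints and documentation-range IPs, not real relays.
FP_A = "0123456789ABCDEF0123456789ABCDEF01234567"
FP_B = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"
SAMPLE_EXIT_LIST = f"""\
ExitNode {FP_A}
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 192.0.2.10 2024-01-01 01:05:00
ExitNode {FP_B}
Published 2024-01-01 00:10:00
LastStatus 2024-01-01 01:00:00
ExitAddress 198.51.100.7 2024-01-01 01:06:00
ExitAddress 198.51.100.8 2024-01-01 01:07:00
"""

def parse_exit_addresses(text):
    """Map relay fingerprint -> set of IPs the relay was seen exiting from."""
    exits, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        if parts[0] == "ExitNode":
            current = parts[1].upper()
            exits.setdefault(current, set())
        elif parts[0] == "ExitAddress" and current is not None:
            try:
                exits[current].add(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip malformed address lines
    return exits

def check_observed_ip(exits, circuit_exit_fp, observed_ip):
    """Classify the IP a remote site saw against the circuit's exit relay."""
    ip = ipaddress.ip_address(observed_ip)
    fp = circuit_exit_fp.lstrip("$").upper()  # control port prefixes "$"
    known = exits.get(fp)
    if known is None:
        return "unknown-exit"   # relay is not in the list at all
    if ip in known:
        return "match"          # traffic left from the expected relay
    if any(ip in addrs for addrs in exits.values()):
        return "other-exit"     # left via a different listed exit
    return "mismatch"           # address not recorded for any listed exit
```

A `mismatch` alone is not proof of tampering, since a relay can send outbound traffic from an address other than the one it listens on; `other-exit` is the result consistent with the two-chain setup in the question.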