On Tue, Feb 18, 2014 at 02:03:58PM +0100, Max Jakob Maass wrote: > I am currently running two RIPE Atlas probes [0] and had accumulated > some points to use their measurement API, so I set up a measurement to > check the SSL Certificate of torproject.org from as many countries as > possible to detect MITM attacks on the website (mostly from state > actors). I also requested the DNS A-Record for torproject.org (to > check for falsified DNS records).
That's quite exciting -- thanks for sharing the data! > Then, there are some US-american probes that are returning an > SSL-Certificate for *.opendns.com instead of the correct result. I > have no idea what's going on there, but as opendns is a sponsor of the > RIPE atlas, it may be that they are hosting a bunch of probes behind a > SSL-terminating firewall for some reason. Still, if someone wants to > look into it, it may be interesting. The probes might be using OpenDNS as their DNS resolver. OpenDNS can block website categories such as "proxy/anonymiser" which happens to contain torproject.org. When resolving a blocked domain, you are being redirected to an OpenDNS page explaining what happened. Every now and then, there are exit relays which have the same problem. Cheers, Philipp -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
