[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: I'm seeing someone else's localhost.localdomain



On Wed, Jul 06, 2005 at 01:18:53AM -0700, mjbjr@xxxxxxxxxxxxxx wrote:
> In firefox, which is assigned to use the privoxy/tor web proxy combo,
> the URL 'http://pgsql.localhost.localdomain/' returns a php admin
> page titled 'H-Sphere'.  I don't have php installed on any of my
> machines.
> 
> The URL continues to read 'http://pgsql.localhost.localdomain/'.
[snip]
> I assume I'm seeing the localhost.localdomain pages being served by
> the various tor servers my requests finally end up going through.

Right. What's actually happening in this case is that you ask the remote
side to resolve "pgsql.localhost.localdomain" for you, and the first few
people probably tell you "gosh, I have no idea", and then you hit upon a
Tor server with a busted resolver. That is, it resolves every hostname
it doesn't recognize to 127.0.0.1. Then it probably sends back a "but
my exit policy doesn't let me get to that" message. Your Tor client,
now equipped with the correct IP address for this hostname, then looks
through its directory for a Tor server that allows exit to 127.0.0.1:80,
and makes its next circuit exit from that server.

> If I'm correct, it would seem that this shouldn't be happening...
> seeing a tor server machine's internal files, and/or other servers.

Hey, these folks opened *:80 on their servers. They get warns when they
start Tor, if they didn't explicitly ask to accept 127.0.0.1:80.

In all cases I've seen so far, you can get exactly the same page by
going to port 80 of their public IP address. So I'm not too worried.

There's a todo item on tor.eff.org/volunteer.html which asks if anybody
wants to track down what is causing the "I think I'll resolve everything
to localhost" bug. I presume it's default behavior on some broken OS
out there, likely Win32 or OS X. Anybody?

--Roger