[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Sniffing OR-OR connections by rerouting them

On 6/28/05, dvorak <dvorak@xxxxxxxxx> wrote:
> Tor circuits are build based on OR (Onion router) to OR connections.
> An OP (onion proxy) that wants to connect to a webserver through the
> tor network selects n (3 in the default configuration) OR's through
<big snip>

Let me repeat that and see if I have it straight.

For any Tor node A I can poison its connection cache by asking it to
connect to B, but giving the IP address of a proxy instead. Once that
has happened any other requests going though A, asking to connect to
B, will in fact go via my proxy since A believes that it already has a
connection to B.

I can't think of any reason why this shouldn't work. The solution is
probably to have B tell A what its IP *should* be after connection. We
could have A check the directory for B's IP address but clients may
wish to tunnel via routers which aren't listed in the directory etc. I
think having B tell the and connected nodes it's IP address is a more
general solution.

To reduce the number of round trips for a connection this information
can be packed into the certificate.

I'm still wondering about this since there are often many ways to
reach a given host on the net, but I guess there should always be a
canonical address for any router (that which it would publish to the


Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60