[tor-bugs] #11624 [Tor]: Malicious relays may be able to be assigned Exit flag without exiting anywhere
#11624: Malicious relays may be able to be assigned Exit flag without exiting anywhere
--------------------+----------------------------------
Reporter: tom | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: Tor | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+----------------------------------
The IANA registry for multicast addresses indicates that there are many /8s that are
not yet allocated [0], such as 232.0.0.0-232.255.255.255.
The current voting mechanism in exit_policy_is_general_exit_helper allows
an Exit flag to be assigned if the relay supports exiting to at least one /8 for
2 out of the 3 ports [80, 443, 6667]. exit_policy_is_general_exit_helper
calls tor_addr_is_internal, and that function only checks for the following
IPv4 spaces: 10/8, 0/8, 127/8, 169.254/16, 172.16/12, 192.168/16.
A relay could put one of the unallocated IPv4 blocks in its exit policy and fool the
Directory Authorities. Of course, if such a relay really wanted to do
this, it could also set its exit policy to exit only to an uninteresting /8 no
one would ever visit, such as one of the many military/DoD /8s.
Zack Weinberg's thread on tor-relays seems to have a good collection of
addresses [1]. Other sources are the exclude list from masscan [2] and the
IANA registry [3].
This would probably be doubly true for IPv6, for which tor_addr_is_internal only
checks fc00/7, fe80/10, fec0/10 - but right now exit_policy_is_general_exit_helper
ignores IPv6.
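As an added illustration (not Tor's code), the following is a simplified model of the voting heuristic the ticket describes: a /8 counts if the policy accepts it wholesale on a port, and a relay passes if 2 of the 3 ports have such a /8. It runs the ticket's example policy (accept only 232.0.0.0/8) against the tor_addr_is_internal ranges listed above, and then against an extended deny list; the extra multicast (224/4) and reserved (240/4) ranges in that list are an assumption for the demonstration, and a real list would be built from the registries cited below.

```python
"""Model of the Exit-flag heuristic from ticket #11624 (illustration, not Tor's code)."""
import ipaddress

GENERAL_PORTS = (80, 443, 6667)

# IPv4 ranges tor_addr_is_internal covers, as listed in the ticket.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Hardened deny list (assumption for this demo): also skip multicast (224/4)
# and reserved (240/4) space, which no general exit could usefully serve.
HARDENED = INTERNAL + [ipaddress.ip_network("224.0.0.0/4"),
                       ipaddress.ip_network("240.0.0.0/4")]


def parse_policy(lines):
    """Parse 'accept|reject ADDR[/LEN]:PORT' lines into (accept, network, lo, hi)."""
    policy = []
    for line in lines:
        action, spec = line.split()
        addr, ports = spec.rsplit(":", 1)
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        policy.append((action == "accept", net, lo, hi))
    return policy


def accepted_slash8s(policy, port, deny):
    """Return the /8 blocks the policy accepts wholesale on `port`, skipping `deny`."""
    found = set()
    for first_octet in range(256):
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        if any(block.subnet_of(d) for d in deny):
            continue
        # The first rule covering the whole /8 on this port decides;
        # rules narrower than a /8 are ignored, as in the ticket's description.
        for accept, net, lo, hi in policy:
            if lo <= port <= hi and net.prefixlen <= 8 and block.subnet_of(net):
                if accept:
                    found.add(first_octet)
                break
    return found


def is_general_exit(policy_lines, deny=INTERNAL):
    """Exit-flag heuristic: at least one accepted /8 on 2 of the 3 general ports."""
    policy = parse_policy(policy_lines)
    ok_ports = sum(1 for p in GENERAL_PORTS if accepted_slash8s(policy, p, deny))
    return ok_ports >= 2
```

With the ticket's example policy, `is_general_exit` returns True under the internal-only check and False once the multicast range is on the deny list.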
[0] http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
[1] https://lists.torproject.org/pipermail/tor-relays/2014-April/004431.html
[2] https://github.com/robertdavidgraham/masscan/blob/master/data/exclude.conf
[3] http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11624>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online