Thus spake Mike Perry (mikeperry@xxxxxxxxxx): > Thus spake torsecurity (torbridges.security@xxxxxxxxx): > > > I use a tor bridge (freedomwithwall) connecting to Tor and it seems > > doing well. But when I observe ( four) circuits the Tor created, I > > find the second and the last tor nodes do not exsit! Their nicknames > > are not in the cached-descriptors or cached-descriptors.new files. > > The Vidalia can not show their IPs also, just show the > > freedomwithwall's IP. > > > > I have never seen this happen before. > > > > Is the bridge freedomwithwall a mallicious node and the middle and > > exit nodes are fake? > > Barring some serious vulnerability the likes of which we haven't yet > seen, Tor cannot extend to relays without knowing their public key, > even if you are using a malicious bridge. At best, a malicious bridge > can only prevent you from connecting to peers that it doesn't like. > > Most likely this is a bug in Vidalia and/or a race between Tor > receiving descriptors and updating those cached files. Right after sending this, Roger reminded me that this bug would have allowed exactly what you described back in the 0.1.1.x days. http://archives.seul.org/or/announce/Aug-2005/msg00002.html So it's not outside of the realm of posibility, but probably is still on the unlikely side. Keep an eye out, anyways. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpC5P6Imje9T.pgp
Description: PGP signature