[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Do these break Tor's anonymity?
On Wed, Feb 15, 2006 at 01:57:02AM -0800, Anothony Georgeo wrote:
:I have searched the web and the wiki but I have not found an answer. Would someone be so kind as to please answer the following three questions?
:Does the following break Tor's anonymity?
:1. Egress Echo requests.
:If egress Echo does break anonymity is there a way to anonymize the egress Echo traffic?
I don't know what that is, do you mean ping? If so that's ICMP not TCP
so tor doesn't handle it.
:2. Wlan Mac address.
:If the Mac address does breaks anonymity is there a way to anonymize it?
No your mach address is only seen by people on teh same layer 2
network and always associated with your real IP, so any one who can
see that can see your IP and that your sending traffic to a tor
server, but not what that traffic is or where it's ultimately going.
:3. Egress traffic to "xxx.x.x.in.addr.arpa".
:I see this domain with different IP's in my firewall logs; I found this little site which mentions reverse-dns-lookup with "...in.addr.arpa"
:I assume the "...in.addr.arpa" address is the address of the EntryGuard but I am not positive.
this is just part of how you can resolve a host name from an IP
address (a reverse look up, getting IP from host name is a forward
look up). For example my workstaion has an IP address of
18.104.22.168, to see what name that system has my resolver queries
22.214.171.124.in-addr.arpa (notice the IP address in reversed order)
and gets spoon.csail.mit.edu.
[jon@spoon ~]$ host 126.96.36.199
188.8.131.52.in-addr.arpa domain name pointer spoon.csail.mit.edu.
I would suspect this shows up in your logs when the IP address the
packets (claim to) comefrom doesn't have a DNS entry.