
Re: Do these break Tor's anonymity?



On Wed, Feb 15, 2006 at 01:57:02AM -0800, Anothony Georgeo wrote:
:Hello,
:
:I have searched the web and the wiki but I have not found an answer.  Would someone be so kind as to please answer the following three questions?
:
:Does the following break Tor's anonymity?  
:
:1. Egress Echo requests.
:
:If egress Echo does break anonymity is there a way to anonymize the egress Echo traffic?

I don't know what that is, do you mean ping? If so, that's ICMP, not TCP,
so Tor doesn't handle it.

:
:2. WLAN MAC address.
:
:If the MAC address does break anonymity is there a way to anonymize it?


No, your MAC address is only seen by people on the same layer 2
network and always associated with your real IP, so anyone who can
see that can see your IP and that you're sending traffic to a Tor
server, but not what that traffic is or where it's ultimately going.


:3. Egress traffic to "xxx.x.x.in.addr.arpa".
:
:I see this domain with different IPs in my firewall logs; I found this little site which mentions reverse-dns-lookup with "...in.addr.arpa"
:www.tcpipguide.com/free/t_DNSReverseNameResolutionUsingtheINADDRARPADomain-2.htm
:
:I assume the "...in.addr.arpa" address is the address of the EntryGuard but I am not positive.

This is just part of how you can resolve a host name from an IP
address (a reverse lookup; getting IP from host name is a forward
lookup).  For example my workstation has an IP address of
128.30.28.19, to see what name that system has my resolver queries
19.28.30.128.in-addr.arpa (notice the IP address in reversed order)
and gets spoon.csail.mit.edu.

[jon@spoon ~]$ host 128.30.28.19
19.28.30.128.in-addr.arpa domain name pointer spoon.csail.mit.edu.

I would suspect this shows up in your logs when the IP address the
packets (claim to) come from doesn't have a DNS entry.
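
The reversed-octet naming described in the reply above, as an added example that is not part of the original message: it builds the in-addr.arpa query name for an IPv4 address and decodes such names found in a log back into the address being looked up. The log line format, the `name=` field and the sample lines are constructed for illustration.

```python
import ipaddress
import re

SUFFIX = ".in-addr.arpa"

def ptr_name(ip):
    """Build the reverse-lookup query name: octets reversed, then in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + SUFFIX

def ip_from_ptr(name):
    """Return the IPv4 address a reverse-lookup name refers to, or None."""
    name = name.rstrip(".").lower()          # tolerate the trailing root dot
    if not name.endswith(SUFFIX):
        return None                          # ordinary forward lookup
    labels = name[: -len(SUFFIX)].split(".")
    if len(labels) != 4:
        return None                          # zone name, not a full address
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None                          # labels are not valid octets

# Constructed log lines (hypothetical format, not from a real firewall).
SAMPLE_LOG = """\
Feb 15 01:40:11 fw dns-query out name=19.28.30.128.in-addr.arpa. type=PTR
Feb 15 01:40:12 fw dns-query out name=example.org type=A
Feb 15 01:40:15 fw dns-query out name=1.2.0.192.in-addr.arpa type=PTR
Feb 15 01:40:19 fw dns-query out name=999.2.0.192.in-addr.arpa type=PTR
"""

NAME_RE = re.compile(r"name=(\S+)")

def reverse_lookups(log_text):
    """Return (query name, looked-up IP) for every reverse lookup in the log."""
    found = []
    for line in log_text.splitlines():
        match = NAME_RE.search(line)
        if match:
            ip = ip_from_ptr(match.group(1))
            if ip is not None:
                found.append((match.group(1), ip))
    return found

if __name__ == "__main__":
    print(ptr_name("128.30.28.19"))
    for query, ip in reverse_lookups(SAMPLE_LOG):
        print(f"{query} -> reverse lookup of {ip}")
```

Decoding the names this way shows which address each logged query was asking about, so it can be compared with the source addresses in the same log.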