
Re: Do these break Tor's anonymity?

On Wed, Feb 15, 2006 at 01:57:02AM -0800, Anothony Georgeo wrote:
:I have searched the web and the wiki but I have not found an answer.  Would someone be so kind as to please answer the following three questions?
:Does the following break Tor's anonymity?  
:1. Egress Echo requests.
:If egress Echo does break anonymity is there a way to anonymize the egress Echo traffic?

I don't know what that is, do you mean ping? If so that's ICMP not TCP
so tor doesn't handle it.

:2. Wlan Mac address.
:If the MAC address does break anonymity is there a way to anonymize it?

No, your MAC address is only seen by people on the same layer 2
network and always associated with your real IP, so anyone who can
see that can see your IP and that you're sending traffic to a tor
server, but not what that traffic is or where it's ultimately going.

:3. Egress traffic to "xxx.x.x.in.addr.arpa".
:I see this domain with different IP's in my firewall logs; I found this little site which mentions reverse-dns-lookup with "...in.addr.arpa"
:I assume the "...in.addr.arpa" address is the address of the EntryGuard but I am not positive.

this is just part of how you can resolve a host name from an IP
address (a reverse look up, getting IP from host name is a forward
look up).  For example my workstation has an IP address of, to see what name that system has my resolver queries (notice the IP address in reversed order)
and gets spoon.csail.mit.edu.

[jon@spoon ~]$ host domain name pointer spoon.csail.mit.edu.

I would suspect this shows up in your logs when the IP address the
packets (claim to) come from doesn't have a DNS entry.
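
The reverse-lookup naming described in the reply above, as an added example that is not part of the original message: it builds the PTR query name for an address and decodes such names found in log lines back to the address being looked up. It assumes the standard `in-addr.arpa` and `ip6.arpa` zones; the log lines and their format are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

def ptr_name(ip: str) -> str:
    """Name a resolver queries to reverse-resolve `ip` (octets/nibbles reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_to_ip(qname: str):
    """Recover the address from a complete PTR query name, else None."""
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        ok = len(labels) == 4 and all(
            re.fullmatch(r"[0-9]{1,3}", l) and int(l) <= 255 for l in labels)
        # Fewer than 4 labels is a zone name (e.g. a /24), not a host lookup.
        return ipaddress.ip_address(".".join(reversed(labels))) if ok else None
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or not all(re.fullmatch(r"[0-9a-f]", n) for n in nibbles):
            return None
        digits = "".join(reversed(nibbles))
        return ipaddress.ip_address(
            ":".join(digits[i:i + 4] for i in range(0, 32, 4)))
    return None

PTR_RE = re.compile(r"\b([0-9a-f.]+\.(?:in-addr|ip6)\.arpa)\.?", re.I)

def reverse_lookups(lines):
    """Count, per looked-up address, the PTR queries seen in log lines."""
    seen = Counter()
    for line in lines:
        for qname in PTR_RE.findall(line):
            ip = ptr_to_ip(qname)
            if ip is not None:
                seen[str(ip)] += 1
    return dict(seen)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "Feb 15 10:01:02 fw OUT udp/53 PTR 10.2.0.192.in-addr.arpa",
    "Feb 15 10:01:05 fw OUT udp/53 PTR 7.113.0.203.in-addr.arpa.",
    "Feb 15 10:01:07 fw OUT udp/53 PTR 10.2.0.192.in-addr.arpa",
    "Feb 15 10:01:09 fw OUT udp/53 PTR 2.0.192.in-addr.arpa",
    "Feb 15 10:01:12 fw OUT udp/53 A www.example.org",
]

if __name__ == "__main__":
    for ip, count in reverse_lookups(SAMPLE_LOG).items():
        print(f"{ip}: {count} reverse lookup(s)")
```

Comparing the decoded addresses with the source addresses in the same firewall log shows which packets triggered each lookup.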