
Re: Odd behavior: same entry/exit node + more

On Fri, Feb 01, 2008 at 06:45:20AM -0800, Thomas Barvo wrote:
> - A. Same Entry/Exit Node -
> : Web browsing speed suddenly increases as if Tor wasn't running at
> all - a quick check reveals an entry node displayed in netstat is also
> the currently used exit node! When the exit node changes the speed
> drops back down to what it was before, slow but typical considering
> the project's purpose and so forth.
> :: Why does this happen? Should there not be some internal check in
> place to disallow an entry node from simultaneously becoming an exit
> node?

Tor makes sure that no circuit has the same entry and exit node. But one
circuit could have a given node as its entry node, and another circuit
could have that same node as its exit node. This shouldn't present much
danger -- and in fact *not* allowing it would reduce your anonymity
by further reducing the set of possible nodes you might be picking at
each point.

As for the speed increase, I am betting that was coincidence, at least
until you give more hints. :)

> - B. The Same Five Through Ten Exit Nodes Being Used -
> : I can browse for hours and watch the same IPs used as exit nodes
> cycle, often with the problem mentioned in A. occurring at random.

To load balance efficiently, Tor picks its exit nodes proportional to the
bandwidth they claim to have (with a cap to prevent any single node from
lying too much). There really aren't that many really fast exit nodes
right now. I haven't counted them recently; ten seems on the low end,
but not outrageously low.

See also http://freehaven.net/anonbib/#bauer:wpes2007

> - C. Entry Nodes Sending Pings Back Or Other Attempts To Access My System -
> : Why and what for?

Depends. Do you have any more info?

My guess is that you're running some Windows program that leaves out all
the details and tries to make you alarmed at every packet. For example,
perhaps it's sending ICMP unreachable packets at you, which are being
interpreted as pings. "Attempts to access my system" sounds like you're
quoting out of one of these dumb programs.

> - D. Directory Related Errors: We stalled too much while trying to
> write, etc., type Directory -
> : Is my directory of nodes being trimmed down somehow by someone or
> something? Or does this have a meaning of a different sort? I notice
> this error once or twice every Tor run, at least.

Are you running a local firewall (hardware or software) that limits what
outgoing addresses or ports you can reach? Or is your net connection
flaky or slow?
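
Added example, not part of the original message and not Tor's own code: a simplified Python model of the selection rules described in answers A and B (exits picked in proportion to claimed bandwidth, with a cap; no relay reused within one circuit). The relay list, the `CAP` value, and the fixed `GUARDS` set are constructed assumptions.

```python
import random
from collections import Counter

CAP = 1000  # hypothetical cap on claimed bandwidth (KB/s); not Tor's real value

# Constructed relay list: (name, claimed KB/s, allows_exit)
RELAYS = ([(f"fast{i}", 5000, True) for i in range(9)]
          + [("liar", 100000, True)]              # overclaims; the cap limits it
          + [(f"slow{i}", 50, True) for i in range(40)]
          + [(f"mid{i}", 100, False) for i in range(150)])
GUARDS = ["fast0", "mid3", "mid7"]  # assumed fixed set of entry nodes for this client

def weight(claimed):
    """Selection weight: claimed bandwidth, capped so lying has bounded effect."""
    return min(claimed, CAP)

def pick(rng, pool, exclude):
    """Bandwidth-weighted choice of one relay name, skipping excluded names."""
    pool = [r for r in pool if r[0] not in exclude]
    return rng.choices(pool, weights=[weight(r[1]) for r in pool], k=1)[0][0]

def build_circuit(rng):
    """Pick exit first, then entry and middle, never reusing a relay."""
    exit_ = pick(rng, [r for r in RELAYS if r[2]], set())
    entry = pick(rng, [r for r in RELAYS if r[0] in GUARDS], {exit_})
    middle = pick(rng, RELAYS, {exit_, entry})
    return entry, middle, exit_

def simulate(n=2000, seed=1):
    rng = random.Random(seed)
    circuits = [build_circuit(rng) for _ in range(n)]
    entries = {c[0] for c in circuits}
    exits = Counter(c[2] for c in circuits)
    return {
        # Per-circuit rule: entry, middle and exit are always distinct.
        "same_node_in_circuit": sum(len(set(c)) < 3 for c in circuits),
        # Cross-circuit: this circuit's exit is the entry of some other circuit.
        "exit_is_entry_elsewhere": sum(c[2] in entries for c in circuits),
        # Share of all exit picks that land on the ten most-used exits.
        "top10_exit_share": sum(k for _, k in exits.most_common(10)) / n,
        "distinct_exits": len(exits),
    }

if __name__ == "__main__":
    print(simulate())
```

In this model the per-circuit check never fails, yet a relay that is both a guard and a fast exit regularly shows up as the exit of one circuit while serving as the entry of others, and roughly ten capped-weight exits absorb most selections.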