
Re: Odd behavior: same entry/exit node + more

     On Fri, 1 Feb 2008 19:28:34 -0500 Roger Dingledine <arma@xxxxxxx> wrote:
>On Fri, Feb 01, 2008 at 06:45:20AM -0800, Thomas Barvo wrote:
>> - A. Same Entry/Exit Node -
>> : Web browsing speed suddenly increases as if Tor wasn't running at
>> all - a quick check reveals an entry node displayed in netstat is also
>> the currently used exit node! When the exit node changes the speed
>> drops back down to what it was before, slow but typical considering
>> the project's purpose and so forth.
>> :: Why does this happen? Should there not be some internal check in
>> place to disallow an entry node from simultaneously becoming an exit
>> node?
>Tor makes sure that no circuit has the same entry and exit node. But one
>circuit could have a given node as its entry node, and another circuit
>could have that same node as its exit node. This shouldn't present much
>danger -- and in fact *not* allowing it would reduce your anonymity
>by further reducing the set of possible nodes you might be picking at
>each point.
>As for the speed increase, I am betting that was coincidence, at least
>until you give more hints. :)

     Can a Tor client use its own server side as a middleman?

>> - B. The Same Five Through Ten Exit Nodes Being Used -
>> : I can browse for hours and watch the same IPs used as exit nodes
>> cycle, often with the problem mentioned in A. occurring at random.
>To load balance efficiently, Tor picks its exit nodes proportional to the
>bandwidth they claim to have (with a cap to prevent any single node from
>lying too much). There really aren't that many really fast exit nodes
>right now. I haven't counted them recently; ten seems on the low end,
>but not outrageously low.

     Really?  I thought it picked all nodes proportionally to the actual
bandwidth serviced in the 24 hours prior to the last published descriptor.
     Also, the documentation promotes the use of BandwidthRate and
BandwidthBurst for the purpose of limiting the bandwidth used by the
server.  Those values currently default to 5 and 10 MB/s, respectively.
That means that anyone who does not specify them in the torrc file is
likely to be "lying" by a *lot*.  Are there really so few servers that omit
those lines from torrc that depending upon those values for load balancing
wouldn't cause a frequent misallocation of routes?  After all, as you
recently pointed out, the number of servers with available bandwidth that
high is still very small.

>See also http://freehaven.net/anonbib/#bauer:wpes2007
>> - C. Entry Nodes Sending Pings Back Or Other Attempts To Access My System -
>> : Why and what for?
>Depends. Do you have any more info?
>My guess is that you're running some Windows program that leaves out all
>the details and tries to make you alarmed at every packet. For example,
>perhaps it's sending ICMP unreachable packets at you, which are being
>interpreted as pings. "Attempts to access my system" sounds like you're
>quoting out of one of these dumb programs.

     Why would ICMP error packets of any kind go back to his machine rather
than to the exit node?

>> - D. Directory Related Errors: We stalled too much while trying to
>> write, etc., type Directory -
>> : Is my directory of nodes being trimmed down somehow by someone or
>> something? Or does this have a meaning of a different sort? I notice
>> this error once or twice every Tor run, at least.
>Are you running a local firewall (hardware or software) that limits what
>outgoing addresses or ports you can reach? Or is your net connection
>flaky or slow?

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
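
The following is an added example, not part of the original messages and not Tor's code: a simplified simulation of the two rules Roger describes in the quoted text (no relay repeated within one circuit, and exits chosen in proportion to claimed bandwidth, clipped at a cap). The relay list, the cap value and all function names are constructed for illustration, and real path selection has further rules that are not modelled here.

```python
import random
from collections import Counter

# Constructed relay list: (nickname, advertised KB/s, allows_exit). Names and
# numbers are invented for illustration, not taken from a real Tor directory.
RELAYS = (
    [(f"fast{i}", 5000 + 500 * i, True) for i in range(8)]
    + [("liar", 1_000_000, True)]  # advertises far more than it could serve
    + [(f"slowexit{i}", 40, True) for i in range(60)]
    + [(f"middle{i}", 300, False) for i in range(200)]
)
CAP_KBPS = 10_000  # assumed cap on believable advertised bandwidth

def pick(pool, rng, cap, exclude=()):
    """Bandwidth-weighted choice, skipping relays already in this circuit."""
    pool = [r for r in pool if r[0] not in exclude]
    weights = [min(bw, cap) for _, bw, _ in pool]  # clip the claim at the cap
    return rng.choices(pool, weights=weights, k=1)[0][0]

def build_circuit(rng, cap):
    """Pick the exit first, then entry and middle; all three must differ."""
    exit_ = pick([r for r in RELAYS if r[2]], rng, cap)
    entry = pick(RELAYS, rng, cap, exclude={exit_})
    middle = pick(RELAYS, rng, cap, exclude={exit_, entry})
    return entry, middle, exit_

def simulate(n=5000, cap=CAP_KBPS, seed=1):
    """Return exit pick counts, relays seen in both roles, circuits reusing a relay."""
    rng = random.Random(seed)
    circuits = [build_circuit(rng, cap) for _ in range(n)]
    exit_counts = Counter(exit_ for _, _, exit_ in circuits)
    entries = {entry for entry, _, _ in circuits}
    both_roles = entries & set(exit_counts)  # entry in one circuit, exit in another
    reused = sum(1 for c in circuits if len(set(c)) < 3)
    return exit_counts, both_roles, reused

def top_share(exit_counts, k):
    """Fraction of circuits whose exit is one of the k most-picked exits."""
    total = sum(exit_counts.values())
    return sum(cnt for _, cnt in exit_counts.most_common(k)) / total

if __name__ == "__main__":
    counts, both, reused = simulate()
    print(f"top 9 exits carry {top_share(counts, 9):.1%} of circuits")
    print(f"{len(both)} relays were entry in one circuit and exit in another")
    print(f"circuits reusing a relay: {reused}")
    uncapped, _, _ = simulate(cap=float("inf"))
    print(f"without the cap, 'liar' is the exit for {uncapped['liar'] / 5000:.1%}")
```

In this model a handful of high-bandwidth exits serve nearly all circuits, the same relay regularly appears as entry in one circuit and exit in another, and removing the cap lets the single over-advertising relay take most exit selections.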