
Re: another unusual connection



On Fri, Feb 08, 2008 at 02:45:04AM -0600, Scott Bennett wrote:
>      I've been reading these reports on this list carefully and with growing
> alarm.  How is it that the reachability testing routine(s) fail to discover
> that, upon connecting to the supposed new IP address on whichever TCP port the
> tor server is using, it is *not connected to itself*?  I had been assuming all
> along that the reachability testing would check for something so obviously
> important.  Does DirPort reachability testing also fail to check the identity
> of the server that answers its connection attempt?

I think you're confusing the IP address guessing with the reachability
detection.

The IP address guessing is known to be not perfect. I mean, heck, it's
based on plaintext unauthenticated claims from some dude running a Tor
relay somewhere in the world. But in general it's quite a bit better
than nothing, which was the previous option.

(Once we have our netinfo cells up and running, we may be able to make
it encrypted and authenticated. Which will help a little bit.)

The reachability detection is also known to not be perfect. It just has
to weed out most of the problems and the directory authorities can then
test the rest.

>      It makes me wonder what other glaring holes may exist in tor's various
> checking/testing routines.

"Submit a patch."

--Roger