Re: Sniffing OR-OR connections by rerouting them

[Paul Syverson <syverson@xxxxxxxxxxxxxxxx>]

On Tue, Jun 28, 2005 at 11:07:53AM +0100, Adam Langley wrote:
> On 6/28/05, dvorak <dvorak@xxxxxxxxx> wrote:
> > Tor circuits are build based on OR (Onion router) to OR connections.
> > An OP (onion proxy) that wants to connect to a webserver through the
> > tor network selects n (3 in the default configuration) OR's through
> <big snip>
> 
> Let me repeat that and see if I have it straight.
> 
> For any Tor node A I can poison its connection cache by asking it to
> connect to B, but giving the IP address of a proxy instead. Once that
> has happened any other requests going though A, asking to connect to
> B, will in fact go via my proxy since A believes that it already has a
> connection to B.
> 
> I can't think of any reason why this shouldn't work. The solution is
> probably to have B tell A what its IP *should* be after connection. We
> could have A check the directory for B's IP address but clients may
> wish to tunnel via routers which aren't listed in the directory etc. I
> think having B tell the and connected nodes it's IP address is a more
> general solution.
> 
> To reduce the number of round trips for a connection this information
> can be packed into the certificate.
> 
> I'm still wondering about this since there are often many ways to
> reach a given host on the net, but I guess there should always be a
> canonical address for any router (that which it would publish to the
> directory).
> 

A default URI in the directories rather than an IP address takes care
of dynamic IP and the like. Then we can just rely on secure DNS ;>)

For these and the reasons Adam raises it could also make sense for
Alice to tell Bob the IP address she has for him. If it is acceptable,
no action from Bob need be taken other than continuing the connection.
If it is unknown/unacceptable, Bob can send back a currently acceptable
alternative and then kill the connection.

aloha,
Paul