[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: multiple connections to ORPort from one IP address
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: multiple connections to ORPort from one IP address
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Mon, 02 Jun 2008 13:26:36 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 02 Jun 2008 16:26:50 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=D9+5F7TRn+6tInIBLdEextChz3Xac4X/t035/iE8Xa4=; b=qam+s7XnajLJmUj6TB5GxmEcStYmTMonSxAsVwPswDIjom4ujDbvccOjstmLVS4hbepCzDuVSboo/HLNrsHdVHaOhLEvSgcdAih7qOhPwhXiaf0eu/UJ05CnwnhKnY97eg4NC0lSIcoCo3i37RndUaDO4J9OqxJwEJ9qE7ashuQ=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=JPXudsVRqImUY49mUCi8dJFY+bkfQxOST+S5kFQEE9UBOScas/ALMBAdmoErof7OWrUAmY5mmkTNGWhFUwW97WOTPKv0MPwwVbmz7fBavPJ3duxwV6aspAbx/PEbkEx/BZzzq/nnqGIlikGrWgboJROFVPLCUqDbWmi3QpiY+00=
- In-reply-to: <200806011344.m51Di96b015739@xxxxxxxxxxxxx>
- References: <200806011344.m51Di96b015739@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Scott Bennett wrote:
> I just noticed a case of six connections to my server's ORPort that all
> came from the same IP address. I'm trying to think of some legitimate reason
> for more than one connection from a given IP address to a particular server's
> ORPort, but haven't come up with any yet. Any ideas out there?
>
(snip)
In addition to the aforementioned NAT, remember two things:
1. By default, Tor will change circuits every ten minutes, but it only
keeps 3 entry guards by default. So no matter how many circuits there
are, they end up going through those three guards (unless, of course,
something happens to them).
2. A recommendation in the past to prevent correlation attacks, is to
run programs which need different "nyms," through separate Tor
processes. Indeed, I do have some setups which involve multiple
instances of Tor. By chance, these processes may potentially choose one
or more of the same entry guards.
- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBSERXe+j8TXmm2ggwAQjRjw/7B8O6jzWWm120rBIxAamaO8ky9W49MD8A
QyJPGri+lCDLo4rrKLIeQdbc2Qkbt7KaO3vtq8bpoWQAQgvII5XSfWXdzMwS/d1D
38iImENohoqGw3iOI8C5npA9hw0dKbCyJk9Kf9XAz+TJ8Y1gF1AhHjok+TrdL7Ho
P69yhPekHHpD9K4qf/ZsAbx1CC9Nvpp1jZ9Lo7AAmsaDezNu9/QfjWJ9vodJemqd
b3pGBheFPIx4YfNuicZiZS19JcLoZZ00nHru66apvd/+wNh+7TdQ4bnaLywiLr6N
LX+8XEfBf36/T5W5icuFhPsc27eOT8Ovg3T8ALGicQmhtqi2k6PRcELMaDPg7I7X
LPG1c0JL3dm+BmfV/DLS+6DXboqXRbeDIkJXr5e2TWhUe7FvBD92BNdI/SKNcnMn
jCIxscQoFMxOjBbiq25bC2me/6uZkReGUWtESQiDV6w3VRoR7/d1NGSnTPci2xhz
3bDOG9KPn4M74WB/H7k0Ii28A3+kABrhBFtHtwAWgNGprmyo2HycICXR75sekNnC
2CIBNhNojDnVOJNqaxYC0CN5YVzBlcvmBhmVzI7BgYgadS1Qt+QPlpb9rWqgfIUz
ioy/FB205EwYjG5N5zH/snXc3f5Ten2rznPjfzowNMSj6KeLHC6vOlTeuzdYNBTr
QI7qy7VxTAc=
=avQk
-----END PGP SIGNATURE-----