[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: multiple connections to ORPort from one IP address



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Scott Bennett wrote:
>      I just noticed a case of six connections to my server's ORPort that all
> came from the same IP address.  I'm trying to think of some legitimate reason
> for more than one connection from a given IP address to a particular server's
> ORPort, but haven't come up with any yet.  Any ideas out there?
> 
(snip)

In addition to the aforementioned NAT, remember two things:

1. By default, Tor will change circuits every ten minutes, but it only
keeps 3 entry guards by default. So no matter how many circuits there
are, they end up going through those three guards (unless, of course,
something happens to them).

2. A recommendation in the past to prevent correlation attacks, is to
run programs which need different "nyms," through separate Tor
processes. Indeed, I do have some setups which involve multiple
instances of Tor. By chance, these processes may potentially choose one
or more of the same entry guards.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSERXe+j8TXmm2ggwAQjRjw/7B8O6jzWWm120rBIxAamaO8ky9W49MD8A
QyJPGri+lCDLo4rrKLIeQdbc2Qkbt7KaO3vtq8bpoWQAQgvII5XSfWXdzMwS/d1D
38iImENohoqGw3iOI8C5npA9hw0dKbCyJk9Kf9XAz+TJ8Y1gF1AhHjok+TrdL7Ho
P69yhPekHHpD9K4qf/ZsAbx1CC9Nvpp1jZ9Lo7AAmsaDezNu9/QfjWJ9vodJemqd
b3pGBheFPIx4YfNuicZiZS19JcLoZZ00nHru66apvd/+wNh+7TdQ4bnaLywiLr6N
LX+8XEfBf36/T5W5icuFhPsc27eOT8Ovg3T8ALGicQmhtqi2k6PRcELMaDPg7I7X
LPG1c0JL3dm+BmfV/DLS+6DXboqXRbeDIkJXr5e2TWhUe7FvBD92BNdI/SKNcnMn
jCIxscQoFMxOjBbiq25bC2me/6uZkReGUWtESQiDV6w3VRoR7/d1NGSnTPci2xhz
3bDOG9KPn4M74WB/H7k0Ii28A3+kABrhBFtHtwAWgNGprmyo2HycICXR75sekNnC
2CIBNhNojDnVOJNqaxYC0CN5YVzBlcvmBhmVzI7BgYgadS1Qt+QPlpb9rWqgfIUz
ioy/FB205EwYjG5N5zH/snXc3f5Ten2rznPjfzowNMSj6KeLHC6vOlTeuzdYNBTr
QI7qy7VxTAc=
=avQk
-----END PGP SIGNATURE-----