[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: multiple connections to ORPort from one IP address

     On Mon, 02 Jun 2008 13:26:36 -0700 "F. Fox" <kitsune.or@xxxxxxxxx>
>Scott Bennett wrote:
>>      I just noticed a case of six connections to my server's ORPort that all
>> came from the same IP address.  I'm trying to think of some legitimate reason
>> for more than one connection from a given IP address to a particular server's
>> ORPort, but haven't come up with any yet.  Any ideas out there?
>In addition to the aforementioned NAT, remember two things:
>1. By default, Tor will change circuits every ten minutes, but it only
>keeps 3 entry guards by default. So no matter how many circuits there
>are, they end up going through those three guards (unless, of course,
>something happens to them).

     All circuits (originating from the same tor process) using the same
entry guard should go through a single TCP connection.
>2. A recommendation in the past to prevent correlation attacks, is to
>run programs which need different "nyms," through separate Tor
>processes. Indeed, I do have some setups which involve multiple
>instances of Tor. By chance, these processes may potentially choose one
>or more of the same entry guards.

     I guess that is indeed a possibility, though I would expect it to
be a rare exception, rather than a common situation.  Thanks for the
thought, which, like multiple clients running on separate systems behind
a NAT server, had escaped me.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *