[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: multiple connections to ORPort from one IP address
On Mon, 02 Jun 2008 13:26:36 -0700 "F. Fox" <kitsune.or@xxxxxxxxx>
wrote:
>Scott Bennett wrote:
>> I just noticed a case of six connections to my server's ORPort that all
>> came from the same IP address. I'm trying to think of some legitimate reason
>> for more than one connection from a given IP address to a particular server's
>> ORPort, but haven't come up with any yet. Any ideas out there?
>>
>(snip)
>
>In addition to the aforementioned NAT, remember two things:
>
>1. By default, Tor will change circuits every ten minutes, but it only
>keeps 3 entry guards by default. So no matter how many circuits there
>are, they end up going through those three guards (unless, of course,
>something happens to them).
All circuits (originating from the same tor process) using the same
entry guard should go through a single TCP connection.
>
>2. A recommendation in the past to prevent correlation attacks, is to
>run programs which need different "nyms," through separate Tor
>processes. Indeed, I do have some setups which involve multiple
>instances of Tor. By chance, these processes may potentially choose one
>or more of the same entry guards.
I guess that is indeed a possibility, though I would expect it to
be a rare exception, rather than a common situation. Thanks for the
thought, which, like multiple clients running on separate systems behind
a NAT server, had escaped me.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************