[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] RFC1918 addresses on outside interface

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] RFC1918 addresses on outside interface
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Fri, 30 Nov 2012 15:23:13 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 30 Nov 2012 20:09:38 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=6TzaxwVJgoA+WojxuOOGESTncIjIzjXq42tae9ORkj4=; b=fqjfsPl3rcHcOrzeAbaG3WcIGx5JWQFWcNBR5/Lyr7yWB6IMwVMskTkpjHBL3z+g6F 8qHQXEmK+Bv4mtMaz6aMw8k+mW0aj+dQ2MFzlhYiMw8pzLpYsx5bdE6hPK4hrTqvY+9q u2qVJmK0WJhg8ofwpzmWI0i76cXZqMrLrtBFAw90d06icKoRTbO1maGNkrhNZg89UWQc GD15orLHjb94aSk4n3hyBPqUX/ILPK886q+DNrvmP1ozG7TJ3kb3BdYaaSbNH8dawMoN mQBkR/BvnW8xJ2EBTyos0rGMCbwuWNPRfK1pbJSNaXIvE0DOL4f9Y4NVj7Wq9sdNhBIv 40ww==
In-reply-to: <20121130150749.GA20533@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <cf5866d82c4bd2f3f63aaf3875539857.squirrel@xxxxxxxxxxxxxxxxxxxxxx> <1TdrC5-000GmG-4R@xxxxxxxxxxxxxxxxxxxx> <20121130150749.GA20533@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

>> > Running a non-exit Tor relay on Linux and have iptables set up to block
>> > inbound and outbound RFC1918 addresses on the outside interface. Notice in
>> > the firewall logs several seemingly random private IP addresses connection
>> > attempts to my relay port getting dropped on the outside over the past few
>> > months. The MAC address associated with these matches my ISP's default
>> > gateway.
>> >
>> > Does Tor do some type of loopback on the outside int.? Or is my ISP doing
>> > something peculiar with NAT?

Regarding RFC1918 observations...
ISP's with clue are supposed to do reverse path filtering on
their customer connections (src), and not route 1918 space
beyond their borders (dst).
It is more likely to see 1918 space in src addresses on the net
because some ISP somewhere forgot RPF.
And common to see 1918 in dst addresses if you're hosted
in some amateur datacenter that hasn't figured out VLAN's.
Most ISP's and transits with clue block it all as well as
a bunch of other nonsensical bogons.

Just block all inbound 1918 packets (whether it's in src and/or dst),
and everything not addressed to you via the wan interface.
And make sure you're not leaking your own 1918 space to
your provider.
Special care of your modem/bridge management and any dhcp
may be needed.

>> Assuming it's my ISP, is there any way to configure my relay to discourage
>> clients in my AS from using it as an entry point?
>
> Could you say more about why you would want to do that? I ask because
> this increases those clients' risk from an AS-level attacker by
> mandating an increase in the number of ASes that must be traversed
> between client and entry node.

/ Conversely, entering through a relay in your own AS means that somebody
/ can definitely see all of your traffic and all of your entry node's
/ traffic. Is that really better?

It's still encrypted traffic, not plaintext. Your cable/dsl operator AS
has no interest in being a passive adversary itself. Though it may
partner with an actual PA who can see beyond just that AS anyways.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] RFC1918 addresses on outside interface
  - From: temp5

References:
- Re: [tor-talk] RFC1918 addresses on outside interface
  - From: temp5
- Re: [tor-talk] RFC1918 addresses on outside interface
  - From: Paul Syverson

Prev by Author: Re: [tor-talk] Need help -- File descriptors problem after update
Next by Author: [tor-talk] Prepared for [Raided for running a Tor exit node]?
Previous by thread: Re: [tor-talk] RFC1918 addresses on outside interface
Next by thread: Re: [tor-talk] RFC1918 addresses on outside interface
Index(es):
- Author
- Thread