[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Does tor still leak memory?



Strange, I will keep an eye out for which names resolve back to
127.0.0.1... they may be aliased in my huge HOSTS file, which would
explain it!

ST

On 9/9/05, Roger Dingledine <arma@xxxxxxx> wrote:
> On Fri, Sep 09, 2005 at 10:16:06AM -0500, Arrakis Tor wrote:
> > This happens when I am surfing outside the Tor network on my tor
> > server. I go to some host name that is definitely there, and instead i
> > get back dirport output.
> >
> > On 9/9/05, Roger Dingledine <arma@xxxxxxx> wrote:
> > > My guess is that some Tor server out there has a broken DNS resolver,
> > > and it's tricking you into getting a different page than you intended.
> > > (If only the Internet had ubiquitous dnssec and https...)
> > >
> > > If you can narrow down which server it is, we can take some steps to
> > > fix it.
> 
> Ah ha.
> 
> I believe the misbehaving DNS resolver is yours. :)
> 
> I've observed that some Windows machines have weird behavior where
> sometimes they return 127.0.0.1 when they don't have a better answer.
> 
> This is a problem when those nodes run as exit nodes, since then you get
> their local web site, whatever it is. In your case you aren't using Tor
> at all for your browsing, but you're seeing the same effect.
> 
> Does this sound plausible? Can you track down whether your computer
> really did get told to go try the website at 127.0.0.1?
> 
> I'd love to know more details here, since this has been a question
> for a while.
> 
> > Another concern... is it possible for someone to spoof places I am
> > logged in at if I allow myself as an exit node?
> 
> "Maybe." If the website keeps track of who you are with certificates,
> as it should, then no. If it keeps track with cookies, then also no.
> But if it keeps track of who you are by your IP address, then this may
> be possible.
> 
> But note that very few websites do this, because there are many situations
> besides Tor where a single IP "is" many people. Corporate firewalls,
> DHCP users, and AOL users come to mind. So if you find a website that
> does, you should already be suspicious of its security.
> 
> Hope this helps,
> --Roger
> 
>