[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address

Subject: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 08 Dec 2015 23:36:33 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 Dec 2015 18:36:43 -0500
In-reply-to: <042.cf38fa0cbd3e68add0dfb4a7314d6521@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.cf38fa0cbd3e68add0dfb4a7314d6521@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17782: Relays may publish descriptors with incorrect IP address
--------------------+------------------------------------
 Reporter:  fk      |          Owner:
     Type:  defect  |         Status:  new
 Priority:  High    |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor     |        Version:  Tor: 0.2.7.4-rc
 Severity:  Major   |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by teor):

 Tor currently uses the following sources to determine its IP address:
 * Address configuration in the torrc
 * Hostname lookup
   * This can sometimes be unreliable, see #17765
 * Interface addresses (if publicly routable)
   * This could be unstable in the presence of multiple interface addresses
 (#17787)
 * X-Your-IP-Address-Is header from directory servers
   * This was recently an issue with the authority Faravahar, where the
 provider was providing a "transparent" web proxy on it's DirPort that was
 repeating these headers, forwarding some requests so that they appeared to
 originate from the authority's old IP address, and corrupting some
 responses. (See #16205 / #17605)

 Therefore, this issue only affects relays:
 * without Address configured in their torrc
 * with a hostname that doesn't resolve, or that resolves to a private
 address
 * with no publicly routable addresses on any interfaces (that is, behind
 NAT)

 A quick mitigation for this issue would be to encourage every relay
 operator on a stable external IPv4 address, or stable hostname that always
 resolves to the correct IPv4 address, to add an Address line to their
 torrc.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17782#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #17787 [Tor]: Improve address detection on multihomed relays
Next by Author: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Previous by thread: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Next by thread: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Index(es):
- Author
- Thread