
Re: An attack against Tor?



Thus spake torsecurity (torbridges.security@xxxxxxxxx):

> I use a tor bridge (freedomwithwall) connecting to Tor and it seems
> to be doing well. But when I observe the (four) circuits Tor created, I
> find the second and the last tor nodes do not exist! Their nicknames
> are not in the cached-descriptors or cached-descriptors.new files.
> Vidalia cannot show their IPs either, it just shows
> freedomwithwall's IP.
> 
> I have never seen this happen before.
> 
> Is the bridge freedomwithwall a malicious node, and are the middle and
> exit nodes fake?

Barring some serious vulnerability the likes of which we haven't yet
seen, Tor cannot extend to relays without knowing their public key,
even if you are using a malicious bridge. At best, a malicious bridge
can only prevent you from connecting to peers that it doesn't like.

Most likely this is a bug in Vidalia and/or a race between Tor
receiving descriptors and updating those cached files.

You should try connecting to the Tor Control Port (port 9051 on
127.0.0.1) and issuing something like:

AUTHENTICATE "password"
GETINFO desc/name/<name of relay>
GETINFO ns/name/<name of relay>

or

GETINFO desc/id/<identity hash of relay>
GETINFO ns/id/<identity of relay>

and see what comes back.

You can also issue:
GETINFO circuit-status

to see your current circuits as Tor understands them, independent of
Vidalia.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

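The checks Mike describes, scripted as an added example (not code from the thread or from the Tor project): it speaks Tor's control protocol directly over the control port, authenticates with AUTHENTICATE "password", parses GETINFO circuit-status, and then asks Tor for each hop's descriptor by fingerprint with GETINFO desc/id/..., so Vidalia and the cached-descriptors files are out of the loop. It assumes ControlPort 127.0.0.1:9051 and a HashedControlPassword matching the password given on the command line.

```python
import re
import socket
import sys

CONTROL_ADDR = ("127.0.0.1", 9051)  # Tor's default ControlPort
HOP_RE = re.compile(r"\$([0-9A-Fa-f]{40})(?:[~=]([^,\s]+))?")  # "$fingerprint~nick" or "$fingerprint=nick"

def read_reply(f):
    """Read one control-port reply from file-like f; return (status, body).  Lines are 'NNN-text',
    'NNN+key=' (a data block ended by a lone '.' follows; '..' escapes a '.'), or the final 'NNN text'."""
    body, lines = [], (l.rstrip("\r\n") for l in iter(f.readline, ""))
    for line in lines:
        status, sep, text = line[:3], line[3:4], line[4:]
        if sep == "+":
            for data in iter(lambda: next(lines, "."), "."):
                text += "\n" + (data[1:] if data.startswith("..") else data)
        if sep == " ":
            return status, "\n".join(body + ([] if text == "OK" else [text]))
        body.append(text)
    raise ConnectionError("control port closed before the reply finished")

def command(f, cmd):
    """Send one command line and return Tor's (status, body) reply."""
    f.write(cmd + "\r\n")
    f.flush()
    return read_reply(f)

def getinfo(f, key):
    """GETINFO one key, stripping the 'key=' prefix Tor puts before the value."""
    status, body = command(f, "GETINFO " + key)
    return status, body[len(key) + 1:] if body.startswith(key + "=") else body

def parse_circuit_status(text):
    """'CircID State [Path] ...' lines -> [(circuit_id, state, [(fingerprint, nickname), ...])]."""
    return [(r[0], r[1], [(fp.upper(), nick) for fp, nick in HOP_RE.findall(r[2] if len(r) > 2 else "")])
            for r in (line.split() for line in text.splitlines()) if len(r) >= 2]

def main(password):
    with socket.create_connection(CONTROL_ADDR) as sock, sock.makefile("rw", encoding="utf-8", newline="") as f:
        status, msg = command(f, 'AUTHENTICATE "%s"' % password)  # a '"' or '\' in the password would need escaping
        if status != "250":
            raise SystemExit("AUTHENTICATE failed: %s %s" % (status, msg))
        for circ_id, state, hops in parse_circuit_status(getinfo(f, "circuit-status")[1]):
            print("circuit %s %s" % (circ_id, state))
            for fp, nick in hops:  # does Tor itself hold a descriptor for this hop?
                found = getinfo(f, "desc/id/" + fp)[0] == "250"
                print("  %-19s %s descriptor %s" % (nick, fp, "present" if found else "MISSING"))

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "password")
```

A hop whose descriptor Tor reports as missing (a non-250 reply) is the case worth investigating; a hop that is present while Vidalia shows nothing points at Vidalia or the cache files, as the reply above suggests.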