[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Faravahar messing with my IP address

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Faravahar messing with my IP address
From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>
Date: Mon, 9 Nov 2015 20:04:55 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Nov 2015 04:05:16 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=MNFVeaKxCY5aU7WBrFnKeRnda/jgWQHuN4EeErIRooo=; b=CB4RhSogdWyLCniKiqVULGpv3ytG1QURg6vSc8uZrEsVOdNTX9eJWTPLEyW/BDNdhq UaNfJaStqulV+DD3zPvgtrEAnFwGYlVXddB/sPn84ksekx7zxOF88a531aB6dhemuJ55 QbIF2zgW72mf34H3pJYAtH9U+qDH1ENS19han9Z/Zj4Z/H+zi/F9fF5S/YltJYPEm5s5 pE2+jqQ0IyeRHtYXI/zQZA2OxNgm6e8mJlG7MLq/yBAQzdBMQmdircW9DNJ5uRswqgCz bLF8mFekfYvnu82ohr9kZ4UrEDGzU5it5Jqf+K17MkYK/f+1HINj/tFqvHggt589zTH5 tzag==
In-reply-to: <20151109075602.GD8850@localhost>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <56292960.40507@xxxxxx> <1956763924.158865.1445539095428.JavaMail.zimbra@xxxxxxxxxxx> <5639AD24.2090809@xxxxxx> <20151109075602.GD8850@localhost>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 9 Nov 2015, at 18:56, Matthew Finkel <matthew.finkel@xxxxxxxxx> wrote:

Which version of Tor were you previously running? Have you seen these
messages within the last few days, after you upgraded?

Hi SiNA, Matthew,

I can reproduce some unusual behaviour from Faravahar simply using wget.

It seems that a web cache in front of Faravahar's dirport might be misbehaving.

*Exit Notice - Reproducible Incorrect X-Your-Address-Is*

I just retrieved the Faravahar "exit notice" from a US AWS address, then a few seconds later made a query from an Australian home IP address.

Both queries returned the US AWS address in X-Your-Address-Is.

(A previous query from the Australian address a few minutes beforehand had the correct address.)

I can reproduce this behaviour: whichever query starts first is the one whose IP address gets recorded.

Subsequent queries get the same IP address for several tens of seconds afterwards.

I'm using:

wget --save-headers http://154.35.175.225/

The headers I see look like:

HTTP/1.0 200 OK
Age: 976
Date: Mon, 09 Nov 2015 08:35:20 GMT
Expires: Mon, 09 Nov 2015 08:55:20 GMT
Connection: Keep-Alive
ETag: "KXJDGONEHLPTLKVYRY"
Content-Type: text/html
X-Your-Address-Is: <not my IP address>
Content-Encoding: identity
Content-Length: 38126

*Directory Documents - Once-Off Header Corruption*

This caching behaviour isn't reproducible with the actual documents, but I did see one instance of corrupted headers:

* Content-Length is misspelt Xontent-Length,

* Connection and ETag are present, but they're not typically present in the headers of other directory documents from Faravahar.

* Expires is in the location it would typically be in for the exit notice (after Date), not the directory documents (last, after Content-Encoding)

wget --save-headers http://154.35.175.225/tor/status-vote/current/consensus-ns

HTTP/1.0 200 OK
Age: 975
Date: Mon, 09 Nov 2015 08:43:32 GMT
Expires: Mon, 09 Nov 2015 09:00:00 GMT
Xontent-Length:
Connection: Close
ETag: "KXJDGONEHLSKRWTYRY"
Content-Type: text/plain
X-Your-Address-Is: 180.200.153.214
Content-Encoding: identity

The second download with exactly the same URL did not contain [C|X]ontent-Length, Connection, or ETag.

It's probably worth mentioning that similar queries to other directory authorities do not show the same behaviour.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Faravahar messing with my IP address
  - From: Matthew Finkel
- Re: [tor-relays] Faravahar messing with my IP address
  - From: Roger Dingledine

References:
- Re: [tor-relays] Faravahar messing with my IP address
  - From: Logforme
- Re: [tor-relays] Faravahar messing with my IP address
  - From: Matthew Finkel

Prev by Author: Re: [tor-relays] Faravahar messing with my IP address
Next by Author: Re: [tor-relays] Faravahar messing with my IP address
Previous by thread: Re: [tor-relays] Faravahar messing with my IP address
Next by thread: Re: [tor-relays] Faravahar messing with my IP address
Index(es):
- Author
- Thread