
Re: BOGUS AUTHORITY ALERT: interesting cached-status/1A0999C05AE2B9A3CF474077F06060E91B3A847 file



Scott Bennett wrote:
     It has now been several hours since I posted a message about an impostor
authority.  Having received no response thus far from the list, I am reposting
the message below with a stronger Subject: line.  I'd also like to make the
additional comment that I would very much like to see a torrc line available,
similar to ExcludeNodes, that would allow individual tor operators to ignore
specific directory servers when those operators decide there is a problem with
those servers.  For example, "ExcludeAuthorities" would refuse to accept status
or consensus documents from the listed servers.  "ExcludeDirectoryNodes" would
refuse to contact the DirPort of each listed server.

					Scott
   ---------------------------------------------------------------------
     This cached-status file begins with:

dir-source s15192785 212.227.86.59 9030
fingerprint 1A0999C05AE2B9A3CF474077F06060E91B3A847B
contact Random Person <stfu@xxxxxxxxxxx>
published 2008-03-29 09:54:11
dir-options
dir-signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAM8/5QA67aqGKO8z65hB+noDVOjZaZg1FAzou5wHlx0Q8UgfCmwVbCE0
tvd1hP2pBl0+4vHaYE0/p2DDll2Zn2BjBdQcI4AYcPA1CjlYdDNl316d3PwTVArc
OpfckZireM0LprNId0PXSycKmwmWxeX88t66eNGyFxnsjamK2k3ZAgMBAAE=
-----END RSA PUBLIC KEY-----

The above lines are then followed by the usual "r" and "s" lines, but oddly
enough, no "opt" lines.  Usually I see three lines (one of each of the above)
for each router.
     However, looking for that IP address (212.227.86.59) in this section, I
find not "s15192785", but "abutor":

r abutor GgmZwFriuaPPR0B38GBg6Rs6hHs 4Oj8zvA0SAIoRuEI2y9MsGYsBk4 2008-03-28 21:07:43 212.227.86.59 9001 9030
s Authority Fast Stable Running Valid V2Dir

Notice the "Authority" flag in the "r" line above.  This flag does not appear
for this router in any of the other four cached-status files.
     So how do I block this bogus cached-status file and its illegitimate
"Authority" flag for a screwed up router with bad contact information?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



Very interesting, and thank you very much for keeping an eye on this for the rest of us. I was wondering why I was getting weird error messages about not being able to match some descriptors in my tor.log file, but I didn't save it so I can't compare it to your findings.

I'll keep my eye out now for sure though... thanks again.

- Kyle
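
The cross-check Scott describes (one cached-status file granting "Authority" where the others do not), as an added example that is not part of the original messages or of Tor's code. It parses only the "fingerprint", "r" and "s" lines quoted above; the four comparison documents and their placeholder fingerprints are constructed, and the function names are hypothetical.

```python
import base64
from collections import defaultdict

def identity_hex(b64):
    """Hex form of the unpadded base64 identity digest in an "r" line."""
    return base64.b64decode(b64 + "=" * (-len(b64) % 4)).hex().upper()

def parse_status(text):
    """Return (dir-source fingerprint, {identity hex: (nickname, flags)})."""
    source, routers, current = None, {}, None
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) >= 2 and fields[0] == "fingerprint":
            source = fields[1].upper()
        elif len(fields) >= 9 and fields[0] == "r":
            current = identity_hex(fields[2])
            routers[current] = (fields[1], set())
        elif fields and fields[0] == "s" and current:
            routers[current][1].update(fields[1:])
    return source, routers

def lone_authority_claims(documents):
    """Routers given the Authority flag by at most half of the documents listing them."""
    listed, claimed, names = defaultdict(set), defaultdict(set), {}
    for source, routers in map(parse_status, documents):
        for ident, (nick, flags) in routers.items():
            names[ident] = nick
            listed[ident].add(source)
            if "Authority" in flags:
                claimed[ident].add(source)
    # self_asserted: the claiming document's own fingerprint is the router's identity
    return [{"nickname": names[i], "identity": i, "claimed_by": sorted(s),
             "self_asserted": i in s}
            for i, s in claimed.items() if 2 * len(s) <= len(listed[i])]

# "r" line and suspect header copied from the message above (signing key omitted).
R_ABUTOR = ("r abutor GgmZwFriuaPPR0B38GBg6Rs6hHs 4Oj8zvA0SAIoRuEI2y9MsGYsBk4 "
            "2008-03-28 21:07:43 212.227.86.59 9001 9030\n")
SUSPECT = ("dir-source s15192785 212.227.86.59 9030\n"
           "fingerprint 1A0999C05AE2B9A3CF474077F06060E91B3A847B\n"
           + R_ABUTOR + "s Authority Fast Stable Running Valid V2Dir\n")
# Constructed stand-ins for the other four cached-status files: placeholder
# fingerprints, same router, no Authority flag.
OTHERS = [f"fingerprint {c * 40}\n" + R_ABUTOR + "s Fast Stable Running Valid V2Dir\n"
          for c in "ABCD"]

if __name__ == "__main__":
    for finding in lone_authority_claims([SUSPECT] + OTHERS):
        print(finding)
```

Decoding the identity field of the quoted "r" line yields the same fingerprint as the file's own "fingerprint" line, so the finding is reported with self_asserted set: the document is vouching for the router that published it.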