[tor-bugs] #6710 [Tor Relay]: Tor Relays accept arbitrary destination address and port and leak information about reachability
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Aug 27 15:41:21 UTC 2012
#6710: Tor Relays accept arbitrary destination address and port and leak
information about reachability
-----------------------+----------------------------------------------------
Reporter: thejh | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by rransom):
Replying to [ticket:6710 thejh]:
> Usage: Configure the target relay as bridge, set loglevel to notice and
run the modified tor client with some IP and port in the bridges network
as last two parameters (for some reason, it seems like the IP has to be in
backwards notation... don't ask me why).
You left out a call to `htonl`.
> Example:
> $ src/or/tor -f torrc 1.178.168.192 80
> [...]
> Aug 27 10:30:34.000 [notice] CREATING SPOOFED CIRCUIT
> Aug 27 10:30:34.000 [notice] CIRCUIT WAS DESTROYED
>
> $ src/or/tor -f torrc 2.178.168.192 80
> [...]
> Aug 27 10:30:00.000 [notice] CREATING SPOOFED CIRCUIT
> Aug 27 10:30:03.000 [notice] CIRCUIT WAS DESTROYED
>
> 192.168.178.1 is up, 192.168.178.2 is down. As you can see, the response
time reflects this.
You don't need to guess what the response time means. Relays send an
explicit indication of why they failed to extend a circuit, although the
client code loses this information fairly soon after receiving it. See
also #3520 and #2576.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6710#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list