prevent tor accepting dns requests on dnsport initiated by itself

Nick Mathewson nickm at freehaven.net
Fri Jun 22 15:52:48 UTC 2007


On Thu, Jun 21, 2007 at 10:53:08PM +0100, Robert Hogan wrote:
> 
> This would also prevent the user resolving a dns request if it
> coincided exactly with the very same request by tor. I don't know
> how likely this would be in practice - I certainly haven't been
> quick enough on the draw.

I think this is actually a dangerous idea.  We separate the client DNS
cache from the server DNS cache for a reason: if you're using a Tor
instance as both a client and a server, it's a good idea to keep the
client's behavior more or less uncorrelated with the server's.

Here's an attack: I have a server that doesn't see much usage at
evil-nick.com.  You have a non-exit Tor host.  I suspect that you're
connecting to my server.  I control the DNS for evil-nick.com, so
whenever your Tor server asks for the address of evil-nick.com I give
you IP1.  (If it never asks, I can resolve evil-nick.com.yourhost.exit
a lot.)  When any other server asks, I give them IP2.  If I see
anybody connect to IP1, I know that it's probably your client peeking
inside the server DNS.

There are probably easier attacks here too.

-- 
Nick Mathewson
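
The shared-cache risk described in the message above, as a toy model added here (not part of the original post and not Tor's code). The class and function names, the exit name `otherexit`, and the two documentation-range addresses standing in for IP1 and IP2 are assumptions.

```python
# Toy model of client/server DNS cache separation. Added example, not Tor source.
# All identifiers are hypothetical; addresses are constructed sample values.
MARKED_IP = "192.0.2.1"      # stands in for "IP1": given only to the relay in question
DEFAULT_IP = "198.51.100.2"  # stands in for "IP2": given to every other resolver


def authoritative_answer(asker, suspect):
    """DNS for the watched name: one distinct answer for one asking relay."""
    return MARKED_IP if asker == suspect else DEFAULT_IP


class Node:
    """A host running Tor as both a relay (server side) and a client."""

    def __init__(self, name, shared_cache):
        self.name = name
        self.server_cache = {}
        # Shared design: the client side reads the server side's cache.
        # Separated design: the client side has its own, independent cache.
        self.client_cache = self.server_cache if shared_cache else {}

    def server_resolve(self, host, suspect):
        """Relay-side lookup triggered from the network; fills the server cache."""
        ip = authoritative_answer(self.name, suspect)
        self.server_cache[host] = ip
        return ip

    def client_resolve(self, host, exit_name, suspect):
        """Client-side lookup: local client cache first, else via a remote exit."""
        if host in self.client_cache:
            return self.client_cache[host]
        ip = authoritative_answer(exit_name, suspect)
        self.client_cache[host] = ip
        return ip


def client_destination(shared_cache):
    """Address the node's client ends up using under each cache design."""
    node = Node("yourhost", shared_cache)
    node.server_resolve("evil-nick.com", suspect="yourhost")
    return node.client_resolve("evil-nick.com", exit_name="otherexit",
                               suspect="yourhost")


def client_is_linkable(shared_cache):
    """True if the client lands on the address only this relay was handed."""
    return client_destination(shared_cache) == MARKED_IP
```

With a shared cache the client's destination is determined by what the relay side was told; with separate caches it is not, which is the invariant the message argues for keeping.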