An attack against Tor?

Mike Perry mikeperry at fscked.org
Sun May 23 04:39:54 UTC 2010


Thus spake torsecurity (torbridges.security at gmail.com):

> I use a tor bridge (freedomwithwall) connecting to Tor and it seems
> to be doing well. But when I observe (four) circuits the Tor created, I
> find the second and the last tor nodes do not exist! Their nicknames
> are not in the cached-descriptors or cached-descriptors.new files.
> The Vidalia can not show their IPs also, just show the
> freedomwithwall's IP.
> 
> I have never seen this happen before.
> 
> Is the bridge freedomwithwall a malicious node and the middle and
> exit nodes are fake?

Barring some serious vulnerability the likes of which we haven't yet
seen, Tor cannot extend to relays without knowing their public key,
even if you are using a malicious bridge. At best, a malicious bridge
can only prevent you from connecting to peers that it doesn't like.

Most likely this is a bug in Vidalia and/or a race between Tor
receiving descriptors and updating those cached files.

You should try connecting to the Tor Control Port (port 9051 on
127.0.0.1) and issuing something like:

AUTHENTICATE "password"
GETINFO desc/name/<name of relay>
GETINFO ns/name/<name of relay>

or

GETINFO desc/id/<identity hash of relay>
GETINFO ns/id/<identity of relay>

and see what comes back.

You can also issue:
GETINFO circuit-status

to see your current circuits as Tor understands them, independent of
Vidalia.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
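
The control-port check described above, as an added example (not part of the original message and not Tor or Vidalia code): it reads `GETINFO circuit-status`, then asks Tor for the `ns/` entry of every hop and returns the hops Tor itself has no entry for. The function names, the `SAMPLE` reply and its fingerprints are constructed; password authentication on 127.0.0.1:9051 is assumed.

```python
import re
import socket
HOP = re.compile(r"(?:\$([0-9A-Fa-f]{40}))?[~=]?(.*)")  # "$FP~nick", "$FP=nick" or "nick"
# Constructed sample reply: fingerprints and the relayB/relayC nicknames are made up.
SAMPLE = ("250+circuit-status=\r\n"
          f"4 BUILT ${'A'*40}~freedomwithwall,${'B'*40}~relayB,${'C'*40}~relayC PURPOSE=GENERAL\r\n"
          "5 LAUNCHED PURPOSE=GENERAL\r\n.\r\n250 OK\r\n")

def read_reply(f):
    """Read one control-port reply; return (status code, payload lines)."""
    lines, in_data = [], False
    for raw in iter(f.readline, ""):        # "" means the connection closed
        line = raw.rstrip("\r\n")
        if in_data:                         # inside a "250+" block, ended by a lone "."
            in_data = line != "."
            lines += [line.removeprefix(".")] if in_data else []
        else:
            lines.append(line[4:])
            in_data = line[3:4] == "+"
            if line[3:4] == " ":            # final line of the reply
                return int(line[:3]), lines
    raise EOFError("control connection closed mid-reply")

def parse_circuits(payload):
    """Map circuit id -> (state, [(fingerprint or None, nickname), ...])."""
    circuits = {}
    for line in payload:
        fields = line.removeprefix("circuit-status=").split()
        if len(fields) >= 2:                # skips the empty value and the final "OK"
            has_path = len(fields) > 2 and (fields[2][0] == "$" or "=" not in fields[2])
            hops = [HOP.fullmatch(h).groups() for h in fields[2].split(",")] if has_path else []
            circuits[fields[0]] = (fields[1], hops)
    return circuits

def unknown_hops(ask, circuits):
    """Hops whose ns/ lookup gets a non-250 reply, i.e. Tor has no status entry for them."""
    return [(cid, nick or fp) for cid, (_, hops) in circuits.items() for fp, nick in hops
            if ask("GETINFO ns/id/" + fp if fp else "GETINFO ns/name/" + nick)[0] != 250]

def connect(password, host="127.0.0.1", port=9051):
    """Authenticate to the control port; return an ask(command) -> (code, lines) function."""
    f = socket.create_connection((host, port)).makefile("rw", newline="")
    def ask(cmd):
        print(cmd, end="\r\n", file=f, flush=True)
        return read_reply(f)
    quoted = password.replace("\\", "\\\\").replace('"', '\\"')
    if ask(f'AUTHENTICATE "{quoted}"')[0] != 250:
        raise PermissionError("control port authentication failed")
    return ask
```

Against a running Tor, call `ask = connect("password")` and then `unknown_hops(ask, parse_circuits(ask("GETINFO circuit-status")[1]))`; an empty list means Tor has a network-status entry for every hop it is using, whatever Vidalia displays.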