A attack aganist Tor?
Mike Perry
mikeperry at fscked.org
Sun May 23 18:42:24 UTC 2010
Thus spake Mike Perry (mikeperry at fscked.org):
> Thus spake torsecurity (torbridges.security at gmail.com):
>
> > I use a tor bridge (freedomwithwall) connecting to Tor and it seems
> > doing well. But when I observe ( four) circuits the Tor created, I
> > find the second and the last tor nodes do not exsit! Their nicknames
> > are not in the cached-descriptors or cached-descriptors.new files.
> > The Vidalia can not show their IPs also, just show the
> > freedomwithwall's IP.
> >
> > I have never seen this happen before.
> >
> > Is the bridge freedomwithwall a mallicious node and the middle and
> > exit nodes are fake?
>
> Barring some serious vulnerability the likes of which we haven't yet
> seen, Tor cannot extend to relays without knowing their public key,
> even if you are using a malicious bridge. At best, a malicious bridge
> can only prevent you from connecting to peers that it doesn't like.
>
> Most likely this is a bug in Vidalia and/or a race between Tor
> receiving descriptors and updating those cached files.
Right after sending this, Roger reminded me that this bug would have
allowed exactly what you described back in the 0.1.1.x days.
http://archives.seul.org/or/announce/Aug-2005/msg00002.html
So it's not outside of the realm of posibility, but probably is still
on the unlikely side. Keep an eye out, anyways.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100523/49a4c9a0/attachment.pgp>
More information about the tor-dev
mailing list