[tor-relays] Updating our IP Address

diffusae punasipuli at t-online.de
Tue Dec 20 23:51:40 UTC 2016


Hello,

sorry, it also was a bit confusing for me as I've seen the logs. Yes,
you are right. I am running a tor node and a ddclient on the same
machine. Tor client and relay is running in a jail. So, it might be
error, because of a faulty firewall rule. It looks like, I've routed all
traffic though the tor client. Therefore it could be a "false" dynsdns
update, but I've don't understand why it was changing so quickly with
right IP.

So, for now I guess, it was my fault.

Regards,
Reiner

On 20.12.2016 18:49, tor-relay.dirk at o.banes.ch wrote:
> Hello,
> 
> I'm part of the abuse team of the mentioned Tor Exit.
> Also I follow this mailing list.
> 
> I read you post several times but I'm not sure what you where doing.
> It looks to me like you running a tor node and have also a dyndns update
> process running.
> 
> Is this correct ? Please provide some more information about you use
> case/configuration
> 
> best regards
> 
> Dirk
> 
> 
> On 20.12.2016 15:25, diffusae wrote:
>> Hi!
>>
>> Yesterday I encountered a strange IP address update via DynDNS:
>>
>> Dec 19 23:00:32.000 [notice] Your IP address seems to have changed to
>> 176.10.104.240 (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating.
>> Dec 19 23:00:32.000 [notice] Our IP Address has changed from xx.xx.xx.xx
>> to 176.10.104.240; rebuilding descriptor (source: METHOD=RESOLVED
>> HOSTNAME=my.dyndns.cc).
>> Dec 19 23:00:36.000 [notice] Self-testing indicates your ORPort is
>> reachable from the outside. Excellent.
>> Dec 19 23:04:32.000 [notice] Your IP address seems to have changed to
>> xx.xx.xx.xx (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating.
>> Dec 19 23:04:32.000 [notice] Our IP Address has changed from
>> 176.10.104.240 to xx.xx.xx.xx ; rebuilding descriptor (source:
>> METHOD=RESOLVED HOSTNAME=my.dyndns.cc).
>> Dec 19 23:04:34.000 [notice] Self-testing indicates your ORPort is
>> reachable from the outside. Excellent.
>> Dec 19 23:08:32.000 [notice] Your IP address seems to have changed to
>> 176.10.104.240 (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating.
>> Dec 19 23:08:32.000 [notice] Our IP Address has changed from xx.xx.xx.xx
>> to 176.10.104.240; rebuilding descriptor (source: METHOD=RESOLVED
>> HOSTNAME=my.dyndns.cc).
>> Dec 19 23:08:34.000 [notice] Self-testing indicates your ORPort is
>> reachable from the outside. Excellent.
>> Dec 19 23:13:32.000 [notice] Your IP address seems to have changed to
>> xx.xx.xx.xx (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating.
>> Dec 19 23:13:32.000 [notice] Our IP Address has changed from
>> 176.10.104.240 to xx.xx.xx.xx; rebuilding descriptor (source:
>> METHOD=RESOLVED HOSTNAME=my.dyndns.cc).
>> Dec 19 23:13:36.000 [notice] Self-testing indicates your ORPort is
>> reachable from the outside. Excellent.
>> Dec 19 23:22:38.000 [notice] Self-testing indicates your DirPort is
>> reachable from the outside. Excellent. Publishing server descriptor
>>
>> The DynDNS client updates the IP every five minutes. It looks like
>> somebody has tried to changed / update the IP manually or via spoofed
>> update (DNS) entry. I also recognized the change at the WebGUI of the
>> DynDNS Provider. The changed IP address is an exit node
>> (0111BA9B604669E636FFD5B503F382A4B7AD6E80) in Switzerland.
>>
>> I don't think, that this is a bug in Tor 0.2.9.7-rc. Are there any
>> possible attacks to Tor relays, if they are using a faked IP address?
>> Normally this shouldn't work. Even if the traffic is redirected to an
>> exit node, but I am not sure.
>>
>> Well, it should be safer to use autodetection of the IP though Tor.
>>
>> Regards,
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


More information about the tor-relays mailing list