Sniffing OR-OR connections by rerouting them
Adam Langley
alangley at gmail.com
Tue Jun 28 10:07:53 UTC 2005
On 6/28/05, dvorak <dvorak at xs4all.nl> wrote:
> Tor circuits are built based on OR (Onion router) to OR connections.
> An OP (onion proxy) that wants to connect to a webserver through the
> tor network selects n (3 in the default configuration) ORs through
<big snip>

Let me repeat that and see if I have it straight.

For any Tor node A I can poison its connection cache by asking it to
connect to B, but giving the IP address of a proxy instead. Once that
has happened any other requests going through A, asking to connect to
B, will in fact go via my proxy since A believes that it already has a
connection to B.

I can't think of any reason why this shouldn't work. The solution is
probably to have B tell A what its IP *should* be after connection. We
could have A check the directory for B's IP address but clients may
wish to tunnel via routers which aren't listed in the directory etc. I
think having B tell the connected nodes its IP address is a more
general solution.

To reduce the number of round trips for a connection this information
can be packed into the certificate.

I'm still wondering about this since there are often many ways to
reach a given host on the net, but I guess there should always be a
canonical address for any router (that which it would publish to the
directory).

AGL
--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
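
The cache behaviour and the canonical-address check discussed in the message above, modelled as an added example that is not part of the original post and is not Tor's code. `PeerCert`, `ConnCache`, `handshake`, the identity label and the addresses are constructed for illustration, and the certificate's signature is assumed to have been verified already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PeerCert:
    """Hypothetical, already-verified certificate contents presented by a router."""
    identity: str        # router identity (constructed label, not a real key)
    canonical_addr: str  # address the router itself asserts, "ip:port"

# Constructed sample network: documentation-range addresses only.
B_CERT = PeerCert("B", "192.0.2.10:9001")
PROXY_ADDR = "198.51.100.7:9001"  # relays bytes to B unchanged

def handshake(addr):
    """Simulated dial: B directly, or a relay in front of B, both end at B."""
    if addr in (B_CERT.canonical_addr, PROXY_ADDR):
        return B_CERT
    raise ConnectionError("no router at " + addr)

class ConnCache:
    """Node A's table of open OR connections, keyed by router identity."""
    def __init__(self, check_canonical):
        self.check_canonical = check_canonical
        self.conns = {}  # identity -> address that was dialed

    def extend(self, identity, requested_addr):
        """Return the address over which traffic for `identity` will travel."""
        if identity in self.conns:
            # Existing connection is reused; the requester's address is ignored.
            return self.conns[identity]
        cert = handshake(requested_addr)
        if cert.identity != identity:
            raise ConnectionError("peer is not " + identity)
        if self.check_canonical and cert.canonical_addr != requested_addr:
            # The peer says it lives elsewhere: do not keep this path for reuse.
            raise ConnectionError("dialed address is not the canonical one")
        self.conns[identity] = requested_addr
        return requested_addr

def route_for_later_request(check_canonical):
    """First request names the relay's address; a later one names B's own."""
    cache = ConnCache(check_canonical)
    try:
        cache.extend("B", PROXY_ADDR)
    except ConnectionError:
        pass  # rejected by the canonical-address check
    return cache.extend("B", B_CERT.canonical_addr)

if __name__ == "__main__":
    print("without check:", route_for_later_request(False))
    print("with check:   ", route_for_later_request(True))
```
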