Reliability of circuit extension if target server is running a Tor exit node

Roger Dingledine arma at mit.edu
Tue Jul 11 06:45:33 UTC 2006


On Mon, Jul 10, 2006 at 09:39:05PM +0200, Fabian Keil wrote:
> I read on <http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers>:
> 
> |Tor does provide a partial solution in a very specific situation, though.
> |When you make a connection to a destination that also runs a Tor server,
> |Tor will automatically extend your circuit so you exit from that circuit.
> |So for example if Indymedia ran a Tor server on the same IP address as their
> |website, people using Tor to get to the Indymedia website would automatically
> |exit from their Tor server, thus getting *better* encryption and authentication
> |properties than just browsing there the normal way.
> 
> How reliable is this supposed to work? For me it is working most of the time,
> but quite often I get:
> 
> A foreign exit node is used for the first HTTP request,
> the following requests use one of my own nodes.

Correct, that's how it's implemented right now. The reason is that when
the user types "www.foo.com" into their browser, Tor has no idea what its
IP address is, so it doesn't know that your Tor server is the same place.

We could always resolve every site first, just in case it's at the
same place as an exit node, but in most cases this would be a wasted
round-trip.

So we assume that the first request is just the front-page, and probably
not really sensitive. And then once we've cached the IP address for the
destination, future requests become smarter.

It seemed like a good trade-off at the time. If it's a destination that
is really sensitive, you can add a MapAddress line to your torrc.

Are there important example scenarios where this behavior is really
dangerous?

--Roger



More information about the tor-talk mailing list