In looking at the check.torproject.org page on the browser/machine that runs my bridge, I'm used to seeing the same IP address a.b.c.d on the check page ("Your IP address appears to be: a.b.c.d") as in the exit on the path drop-down. But today for several hours a.b.c.d showed on the drop-down but a different address w.x.y.z appeared on the page. Opening up Atlas gave a "no results" error until I entered a.b.c.d manually; and w.x.y.z was no tor node; it turned out to belong to a VPN provider which was also poking my ports. Is this discrepancy normal? Should I be worried about it? - eliaz
On 18 Apr 2016, at 14:14, eliaz eliaz@riseup.net wrote:
In looking at the check.torproject.org page on the browser/machine that runs my bridge, I'm used to seeing the same IP address a.b.c.d on the check page ("Your IP address appears to be: a.b.c.d") as in the exit on the path drop-down. But today for several hours a.b.c.d showed on the drop-down but a different address w.x.y.z appeared on the page. Opening up Atlas gave a "no results" error until I entered a.b.c.d manually; and w.x.y.z was no tor node; it turned out to belong to a VPN provider which was also poking my ports. Is this discrepancy normal? Should I be worried about it? - eliaz
This sounds like it could be a bad exit redirecting all your traffic through a VPN, while trying to attack you. It's somewhat less likely to be a misconfiguration of the proxy settings on your bridge.
It's normal for tor to change exits occasionally. Do you know which exit your tor client was actually using during that time? If so, report it to bad-relays@lists.torproject.org
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
Rats, I neglected to save the port scan log. Next time this happens I'll report as you suggested - eliaz
On 4/18/16, eliaz eliaz@riseup.net wrote:
Tim Wilson-Brown - teor:
It's normal for tor to change exits occasionally. Do you know which exit your tor client was actually using during that time? If so, report it to bad-relays@lists.torproject.org
Rats, I neglected to save the port scan log. Next time this happens I'll report as you suggested - eliaz
We frequently see users that have no idea what exit was in use for any particular connection or time. Especially when using apps other than TBB. And for many non real time / historical uses.
You'll want to read and comment on the following simple solution to 'What exit was I using?' that works with all apps, has a built-in history buffer, can be watched in real time, and can be piped out to a logfile.
# Combine setevents circ and stream https://trac.torproject.org/projects/tor/ticket/11179
tor-relays@lists.torproject.org
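Added example (not part of the original thread or of ticket 11179): one way to answer "What exit was I using?" by correlating the asynchronous `650 CIRC` and `650 STREAM` lines that tor's control port emits after `SETEVENTS CIRC STREAM`. The event lines, fingerprints and nicknames below are constructed sample data, and `exits_for_streams` is a hypothetical helper name.

```python
import re

# One hop in a CIRC path: $<40 hex digits>, optionally followed by ~nickname or =nickname.
HOP = re.compile(r"\$([0-9A-F]{40})(?:[~=](\w+))?")

def fp(ch):
    """Constructed 40-hex-digit relay fingerprint for the sample data."""
    return "$" + ch * 40

# Constructed control-port events, in the order a client could receive them.
SAMPLE_EVENTS = [
    "650 CIRC 7 LAUNCHED BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    f"650 CIRC 7 BUILT {fp('A')}~guardA,{fp('B')}~middleB,{fp('C')}~exitC PURPOSE=GENERAL",
    "650 STREAM 21 NEW 0 check.torproject.org:443 PURPOSE=USER",
    "650 STREAM 21 SENTCONNECT 7 check.torproject.org:443",
    "650 STREAM 21 SUCCEEDED 7 check.torproject.org:443",
    f"650 CIRC 9 BUILT {fp('A')}~guardA,{fp('D')}~middleD,{fp('E')} PURPOSE=GENERAL",
    "650 STREAM 22 SUCCEEDED 9 example.com:80",
    # Circuit 12 was built before we subscribed, so its path is unknown.
    "650 STREAM 23 SUCCEEDED 12 example.org:80",
    f"650 CIRC 7 CLOSED {fp('A')}~guardA,{fp('B')}~middleB,{fp('C')}~exitC REASON=FINISHED",
]

def exits_for_streams(lines):
    """Return [(stream_id, target, (exit_fingerprint, nickname) or None), ...]."""
    circ_exit = {}   # circuit id -> last hop of the built path
    history = []     # one entry per stream that connected successfully
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "650":
            continue
        kind, ident, status = parts[1:4]
        if kind == "CIRC" and status == "BUILT" and len(parts) > 4:
            hops = HOP.findall(parts[4])
            if hops:
                circ_exit[ident] = hops[-1]      # last hop is the exit
        elif kind == "STREAM" and status == "SUCCEEDED" and len(parts) > 5:
            circ_id, target = parts[4], parts[5]
            # None marks a stream whose circuit we never saw being built.
            history.append((ident, target, circ_exit.get(circ_id)))
    return history

if __name__ == "__main__":
    for stream_id, target, exit_hop in exits_for_streams(SAMPLE_EVENTS):
        print(stream_id, target, exit_hop or "exit unknown")
```

Writing each returned tuple to a logfile with a local timestamp gives the history needed to name the exit in a report to bad-relays@lists.torproject.org.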