[tor-bugs] #7706 [- Select a component]: Excluded Tor nodes are still being used by hiding or altering their "Country" location field

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 11 20:29:24 UTC 2012


#7706: Excluded Tor nodes are still being used by hiding or altering their
"Country" location field
---------------------------------------------------+------------------------
 Reporter:  bugcatcher                             |          Owner:                    
     Type:  defect                                 |         Status:  new               
 Priority:  major                                  |      Milestone:  Tor: 0.2.4.x-final
Component:  - Select a component                   |        Version:  Tor: 0.2.4.6-alpha
 Keywords:  GeoIP, relay, security, vulnerability  |         Parent:                    
   Points:                                         |   Actualpoints:                    
---------------------------------------------------+------------------------
 I noticed a potential security exploit affecting the latest Tor
 0.2.4.6-alpha Qt 4.8.1 (Linux 64-bit) and possibly other versions.

 Background:
 When the ExcludeNodes (or ExcludeExitNodes, etc.) directive is set in the
 torrc file to avoid the relays located in entire undesirable countries
 (for example, ExcludeNodes {RU},{US}), Tor relies on the GeoIP database to
 determine which nodes must be excluded from the circuits.

 Problem:
 Currently about 50-55 relays somehow hide their country attribute, or else
 the GeoIP database fails to identify their location. Yet Tor includes such
 nodes in the circuits, and thus they bypass the exclusion. It's a
 potential security exploit.


 Fix needed:
 The relays with an unidentified country attribute MUST NOT be allowed in
 Tor's circuit pool.


 This problem can be visually observed in Vidalia's Network Map window.
 Here are the steps to reproduce the problem:

 1. Add 'ExcludeNodes {US},{RU}' to the torrc file (this is an example,
 since many of the questioned nodes are in fact originating in the
 mentioned countries).

 2. Open Vidalia's Network Map window and look at the list of the
 relays on the left. While most relays correctly display their location
 country flag, some relays have a question mark instead of the country
 flag. When they are selected, the detail info section in the lower middle
 doesn't show their country info (unlike the normal relays).

 To see all of these questionable relays better, sort the listed relays by
 country (click on the 2nd tab above the relay list), and they will be
 grouped at the top or at the bottom of the list. There are typically 50-55
 of these relays.


 3. Over time, some of these relays without the listed country will be
 randomly included in the built circuits. I see it often when many
 developed countries (US, UK, etc.) are excluded. The more countries are
 excluded, the faster it will happen.


 Suspicious relay behavior:
 I observed these "un-countried" relays over a few days. Most of them
 remain present and unchanged.
 However, a few unique relays without the country attribute are added each
 day, and a few disappear.

 Interestingly, they seem to originate from the same IP address segments.
 Mostly it is the 5.xxx.xxx.xxx, 89., 91., 142., 192., 194., 198. and 199.
 IP segments.

 Some relays share the same name (Unnamed), so it's hard to track them.

 One of the relays ($EDFCBC44226B6DE6B28AFDEA6C8C63A3F5050665
 [199.254.110.16]) only keeps changing its letter name (I don't see it
 today, though).


 Please address the vulnerability as soon as you can - I'm tired of
 excluding 3 new individual fingerprints daily. :-)

 Thank you!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7706>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
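Added illustration (editor's note; this is not code from the ticket, from tor, or from Vidalia): a small Python model of the exclusion logic the ticket describes. It parses an ExcludeNodes value into country patterns and fingerprints, then applies two policies to a constructed relay list: the reported behaviour, where a relay whose GeoIP lookup failed can never match a country pattern and so slips past the exclusion, and the fix the reporter asks for, where an unknown-country relay is excluded whenever any country pattern is active. Assumptions: the relays, fingerprints and addresses are placeholders; a failed lookup is represented as None or as the "??" marker; the policy function names and the `usable_relays` helper are this example's own.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple

# Assumption for this example: a failed GeoIP lookup yields None or "??".
UNKNOWN_COUNTRY = "??"


@dataclass(frozen=True)
class Relay:
    nickname: str
    fingerprint: str
    address: str
    country: Optional[str]  # None when the GeoIP database has no answer


# Constructed sample relays (placeholders, not real relays or addresses).
SAMPLE_RELAYS: List[Relay] = [
    Relay("alpha",   "A" * 40, "203.0.113.10", "DE"),
    Relay("bravo",   "B" * 40, "203.0.113.11", "US"),
    Relay("charlie", "C" * 40, "203.0.113.12", "ru"),   # lower-case code from the DB
    Relay("Unnamed", "D" * 40, "203.0.113.13", None),   # lookup failed entirely
    Relay("Unnamed", "E" * 40, "203.0.113.14", "??"),   # explicit unknown marker
    Relay("foxtrot", "F" * 40, "203.0.113.15", "NL"),
]


def parse_exclude_nodes(value: str) -> Tuple[Set[str], Set[str]]:
    """Split an ExcludeNodes value into (country codes, fingerprints).

    Entries may be comma- or whitespace-separated; '{cc}' is a country
    pattern and '$HEX' a relay fingerprint. Matching is case-insensitive.
    """
    countries: Set[str] = set()
    fingerprints: Set[str] = set()
    for token in value.replace(",", " ").split():
        if token.startswith("{") and token.endswith("}") and len(token) > 2:
            countries.add(token[1:-1].upper())
        elif token.startswith("$") and len(token) > 1:
            fingerprints.add(token[1:].upper())
        else:
            raise ValueError(f"unsupported ExcludeNodes entry: {token!r}")
    return countries, fingerprints


def country_unknown(relay: Relay) -> bool:
    return relay.country is None or relay.country == UNKNOWN_COUNTRY


Policy = Callable[[Relay, Set[str], Set[str]], bool]


def excluded_naive(relay: Relay, countries: Set[str], fingerprints: Set[str]) -> bool:
    """Behaviour reported in the ticket: no country means no country match,
    so the relay stays eligible for circuits."""
    if relay.fingerprint.upper() in fingerprints:
        return True
    if country_unknown(relay):
        return False
    return relay.country.upper() in countries


def excluded_strict(relay: Relay, countries: Set[str], fingerprints: Set[str]) -> bool:
    """Reporter's requested fix: once any country is excluded, a relay whose
    country cannot be determined is excluded as well."""
    if relay.fingerprint.upper() in fingerprints:
        return True
    if country_unknown(relay):
        return bool(countries)
    return relay.country.upper() in countries


def usable_relays(relays: List[Relay], exclude_nodes: str, policy: Policy) -> List[str]:
    """Return the fingerprints that the given policy still lets into circuits."""
    countries, fingerprints = parse_exclude_nodes(exclude_nodes)
    return [r.fingerprint for r in relays if not policy(r, countries, fingerprints)]


if __name__ == "__main__":
    setting = "{US},{RU}"
    for name, policy in (("naive", excluded_naive), ("strict", excluded_strict)):
        kept = usable_relays(SAMPLE_RELAYS, setting, policy)
        print(f"ExcludeNodes {setting} under {name} policy keeps {len(kept)} relays:")
        for fp in kept:
            relay = next(r for r in SAMPLE_RELAYS if r.fingerprint == fp)
            print(f"  {relay.nickname:8} {relay.address:14} country={relay.country!r}")
```

Run as a script, the naive policy keeps the two unknown-country relays alongside the German and Dutch ones, which is exactly the leak described above; the strict policy drops them. The strict policy only kicks in when a country pattern is present, so a torrc that excludes individual fingerprints alone is unaffected.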

