[tor-bugs] #7706 [Tor]: Excluded Tor nodes are still being used when their "Country" location field is "?" (was: Excluded Tor nodes are still being used by hiding or altering their "Country" location field)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 13 16:22:49 UTC 2012
#7706: Excluded Tor nodes are still being used when their "Country" location field
is "?"
--------------------------------------------------------------+-------------
Reporter: bugcatcher | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version: Tor: 0.2.4.6-alpha
Keywords: GeoIP, relay, security, vulnerability tor-client | Parent:
Points: | Actualpoints:
--------------------------------------------------------------+-------------
Comment(by bugcatcher):
The {??} and {A1} country codes - are they documented somewhere? All I've
seen so far in the Tor Documentation is that torrc uses the country codes
according to ISO 3166-1 alpha, and there wasn't any mention of {??} or
{A1}.
Since they are not widely documented, then - Yes, definitely, the relays
with {??} and {A1} must be disallowed either completely, or at least when
any ExcludeNode command is used in torrc.
Until then a potential attacker can setup a node in a way that defeats the
country exclusion setting.
Thanks.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7706#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list