[tor-bugs] #7348 [Ooni]: Discuss strategies for detecting the probes IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 12 22:28:56 UTC 2013


#7348: Discuss strategies for detecting the probes IP address
---------------------------+------------------------------------------------
 Reporter:  hellais        |          Owner:  hellais
     Type:  defect         |         Status:  new    
 Priority:  normal         |      Milestone:         
Component:  Ooni           |        Version:         
 Keywords:  ooni_research  |         Parent:         
   Points:                 |   Actualpoints:         
---------------------------+------------------------------------------------

Comment(by ioerror):

 Replying to [comment:5 hellais]:
 > We discussed with @ioerror implementing a series of strategies for
 > detecting the probe's IP address.
 >
 > In sequence we will attempt to detect the probe IP address via:
 >
 > * If Tor is running and we have access to the control port via "getinfo
 > address"
 >
 > * By performing a UDP traceroute and considering the first hop in public IP
 > space as the IP address of the probe
 >
 > * By using a geoip lookup service (for example what is detailed in
 > #8191)
 >
 > @ioerror:
 > What should be the destination IP and port of the UDP traceroute?

 That sounds mostly accurate - that is - there are some IP address lookup
 systems - we should enumerate a few of the most popular, write a small bit
 of code to get our IP from each one and then use some of those for the
 third step.

 As far as the UDP traceroute - I think we can literally just randomly
 generate a few IP addresses and trace to them. It only needs to get past
 the first four hops for the returned data to be useful. The first three
 usually include RFC 1918 addresses or (as was the case in Burma) sometimes
 bogus IP addresses that aren't actually properly routed. In Burma, they
 just used a public IP of uunet (!) for their IP - since it all goes
 through a filter, the filter just rewrote the entire thing and no one
 seems to care at all.

 We could also perform a UDP traceroute to any of the geoip lookup services
 once we enumerate the names and IP addresses.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7348#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
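
The ordered fallback discussed in this comment, sketched as an added example (not code from the ticket or from OONI): it picks the first traceroute hop outside private address space and tries each detection strategy in turn. The function names, the strategy callables and the list of non-public networks are assumptions of this sketch, and the hop data is constructed.

```python
import ipaddress

# Address space that cannot be the probe's public address. Assumption of this
# example: RFC 1918, loopback, link-local and RFC 6598 carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]


def is_public(addr):
    """True if addr parses as IPv4 and lies outside every NON_PUBLIC network."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in NON_PUBLIC)


def first_public_hop(hops):
    """Return (ttl, address) of the first hop in public space, else None.

    hops is the ordered list of responders from a UDP traceroute; None marks
    a TTL that got no reply.
    """
    for ttl, addr in enumerate(hops, start=1):
        if addr is not None and is_public(addr):
            return ttl, addr
    return None


def detect_probe_ip(strategies):
    """Try (name, callable) pairs in order; return the first (name, address)."""
    for name, strategy in strategies:
        try:
            addr = strategy()
        except Exception:
            addr = None  # a failing strategy falls through to the next one
        if addr and is_public(addr):
            return name, addr
    return None, None


# Constructed traceroute: documentation addresses (RFC 5737) stand in for
# public ones; the first hops are private or carrier-grade NAT space.
SAMPLE_HOPS = ["192.168.1.1", None, "10.20.0.1", "100.64.3.9",
               "203.0.113.5", "198.51.100.1"]
```

The address filter only excludes known private ranges, so a bogus but public-looking hop such as the rewritten address described for Burma would still be returned and needs cross-checking against another strategy.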