[tor-bugs] #13129 [Tor]: Option for downgrading "Rejecting SOCKS request for anonymous connection to private address" log

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 16 15:54:57 UTC 2014 

#13129: Option for downgrading "Rejecting SOCKS request for anonymous connection to
private address" log
------------------------+--------------------------------
     Reporter:  arma    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by nickm):

 It seems like we need some decision-making here:

  * Option A: It's trivial to downgrade the warning. (But only some
 instances of it are instances we'd like to ignore.)

  * Option B: It's similarly pretty easy to make the ignorable instances
 distinguishable from the accidental instances (such as by for example by
 reinstating the old "noconnect" directive, or by using some kind of a
 socks extension, special username, or magic port).  But in this case, a
 hostile program might be able to generate a request to localhost that Tor
 would close but not report.  I'm not sure whether there's an attack there.

  * Option C: We could have a magic SOCKS username that means "Don't log a
 warning if this address is 127.0.0.1".  We could let this randomly at
 startup, and have it be Yet Another Cookie.  This would be a version of
 option B where a hostile program that didn't know the magic username
 couldn't suppress the warning.  I'm not sure whether this is worthwhile.

  * Option D: TB could try to fix #10682 in a different way.  I don't know
 how hard this is, but I suspect "at least somewhat".

  * Option E: Do nothing; annoying warnings are annoying.

  * Options F...Z: Something I'm not thinking of.

 Right now, I'm thinking that A and E are possible for 0.2.5.x-final.
 Maaaaybe some version of B would also work out for 0.2.5, but maybe not.
 Option C might work out for 0.2.6 (if the complexity doesn't make us
 cringe), but it's a kludge and it's not for 0.2.5.  I can't comment on the
 difficulty of option D.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13129#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list