[tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 8 23:36:33 UTC 2015
#17782: Relays may publish descriptors with incorrect IP address
--------------------+------------------------------------
Reporter: fk | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.4-rc
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Comment (by teor):
Tor currently uses the following sources to determine its IP address:
* Address configuration in the torrc
* Hostname lookup
* This can sometimes be unreliable, see #17765
* Interface addresses (if publicly routable)
* This could be unstable in the presence of multiple interface addresses
(#17787)
* X-Your-IP-Address-Is header from directory servers
* This was recently an issue with the authority Faravahar, where the
provider was providing a "transparent" web proxy on it's DirPort that was
repeating these headers, forwarding some requests so that they appeared to
originate from the authority's old IP address, and corrupting some
responses. (See #16205 / #17605)
Therefore, this issue only affects relays:
* without Address configured in their torrc
* with a hostname that doesn't resolve, or that resolves to a private
address
* with no publicly routable addresses on any interfaces (that is, behind
NAT)
A quick mitigation for this issue would be to encourage every relay
operator on a stable external IPv4 address, or stable hostname that always
resolves to the correct IPv4 address, to add an Address line to their
torrc.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17782#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list