[tor-bugs] #19026 [Obfuscation/Snowflake]: Remove local LAN address ICE candidates
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 11 00:56:52 UTC 2016
#19026: Remove local LAN address ICE candidates
---------------------------------------+-----------------
Reporter: dcf | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------------+-----------------
ICE candidates can contain local LAN addresses as well as external
addresses. For example, here's a redacted transcript from the Snowflake JS
proxy:
{{{
a=candidate:4077567720 1 udp 2122260223 192.168.1.5 51282 typ host
generation 0
a=candidate:8564102000 1 udp 1686052607 X.X.X.X 51282 typ srflx raddr
192.168.1.5 rport 51282 generation 0
a=candidate:3179889176 1 tcp 1518280447 192.168.1.5 52256 typ host tcptype
passive generation 0
}}}
If it's possible, we should filter them out to prevent revealing more
information than necessary. Serene and I guessed that they are only there
for the case when both peers are in the same local network, but we're not
sure about that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19026>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list