[tor-bugs] #22461 [Core Tor/Tor]: Tor emits inaccurate safesocks warning event whenever you visit a naked IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 2 16:29:48 UTC 2017


#22461: Tor emits inaccurate safesocks warning event whenever you visit a naked IP
address
--------------------------+----------------------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by arma):

 Replying to [comment:3 catalyst]:
 > #10165 is related.  So neither "localhost" nor 127.0.0.1 should work in
 Tor Browser because of possible leakage?

 Yes, but I think that's separate from this ticket.

 (Tor Browser removes the "no proxy for" values for localhost and
 127.0.0.1, since allowing anything in the "wide open proxy bypass here"
 settings seemed poor. So if you visit 127.0.0.1 in Tor Browser, it
 dutifully passes the address to Tor like any other address, and then Tor
 says
 {{{
 Jun 02 16:16:15.000 [warn] Rejecting SOCKS request for anonymous
 connection to private address [scrubbed].
 }}}
 assuming you've left ClientRejectInternalAddresses set to 1. All of that
 is normal I think.)

 > (Also in the comments to #10165 that led to this ticket, why is an
 (alleged) online banking site trying to open those connections to
 127.0.0.1?)

 That is a fine and good question. I had originally thought that the
 127.0.0.1 was the address of the application connection, i.e. "I received
 a tcp connection to the socksport, and the tcp info for the connection
 says it was from localhost and this high-numbered port". But looking more
 at the code, I think you're right that indeed something made that person's
 Tor make a big pile of connections to 127.0.0.1. I think so long as the
 person hadn't messed with their torrc even more, though, the
 ClientRejectInternalAddresses check would make Tor fail those requests.

 > Is the goal here that a user-provided numeric IP address won't generate
 warnings? (on the assumption the user knows what they're doing?)

 Yes, the goal of this ticket is that if you type in http://128.31.0.34/ in
 your Tor Browser, it should not tell you that you're using an unsafe
 variant of the socks protocol. Because you're not -- you're using a safe
 variant of the socks protocol to ask for a legitimate web address.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22461#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list