[tor-bugs] #29989 [Core Tor/Tor]: Add a flag to set chosen_exit_optional to false for MapAddress torrc option (and controller?)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 3 07:24:33 UTC 2019
#29989: Add a flag to set chosen_exit_optional to false for MapAddress torrc option
(and controller?)
-------------------------------------------------+-------------------------
Reporter: babyfarkmcgeezaxxon | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version: Tor:
| 0.3.5.8
Severity: Normal | Resolution:
Keywords: security-low?, tor-client, tor-exit | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by babyfarkmcgeezaxxon):
>Does 719FD0FA327F3CCBCDA0D4EA74C15EA110338942 allow exiting to
ayefiles.com?
Good question. So here's what I did. I set my torrc back to the default
value, with no restrictions, and then visited https://ayefiles.com/. I
rotated through three different exit nodes as observed in the "Tor
Circuit" window using Ctrl+L.
The exit nodes were:
{{{
46.249.59.212
95.216.153.67
217.79.179.177
}}}
Using the official table of exit nodes @ https://torstatus.blutmagie.de/ I
then filled in the fingerprints of these nodes. (They indeed were listed
in that table as valid exit nodes.)
{{{
46.249.59.212 has fingerprint 221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC
95.216.153.67 has fingerprint 23C654A4C4102B0634B000FA9BF1EB5193ED8E17
217.79.179.177 has fingerprint 3E53D3979DB07EFD736661C934A1DED14127B684
}}}
Now, the rabbithole gets deeper, and scarier. Using these fingerprints,
the fingerprints of nodes that only seconds before I'd seen in the circuit
to https://ayefiles.com/ , I modified my torrc to contain the following:
{{{
MapAddress ayefiles.com
ayefiles.com.221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC.exit
MapAddress duckduckgo.com
duckduckgo.com.221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC.exit
}}}
When I restarted Tor, **I couldn't connect to either**
https://duckduckgo.com/ or https://ayefiles.com/. **That holds true for
all three IPs/fingerprints! **
By can't connect, it's not hanging but giving me a screen blank except for
a message, "Unable to connect. Firefox can’t establish a connection to
the server at duckduckgo.com." Then it lists a few bullet items to check
like my network being down.
So let's recap what I saw:
* If I set a random, specific exit node via MapAddress, it works for
duckduckgo, but ayefiles ignores it selecting another exit node
* if I apply one of the exit nodes I saw ayefiles use under the default
torrc operation, TOR refuses to use it to connect to either duckduckgo or
ayefiles!
Very strange indeed! What's going on here? ayefiles uses certain
specific exit nodes that then cannot be used for other websites and can't
even be manually navigated to? That is, they can only be used as exit
nodes if ayefiles chooses them and not if I choose them? WTF?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29989#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list