A attack aganist Tor?

Mike Perry mikeperry at fscked.org
Sun May 23 18:42:24 UTC 2010


Thus spake Mike Perry (mikeperry at fscked.org):

> Thus spake torsecurity (torbridges.security at gmail.com):
> 
> > I use a tor bridge (freedomwithwall) connecting to Tor and it seems
> > doing well. But when I observe ( four) circuits  the Tor created, I
> > find the second and the last tor nodes do not exsit! Their nicknames
> > are not in the cached-descriptors or cached-descriptors.new files.
> > The Vidalia can not show their IPs also, just show the
> > freedomwithwall's IP.
> > 
> > I have never seen this happen before.
> > 
> > Is the bridge freedomwithwall a mallicious node and the middle and
> > exit nodes are fake?
> 
> Barring some serious vulnerability the likes of which we haven't yet
> seen, Tor cannot extend to relays without knowing their public key,
> even if you are using a malicious bridge. At best, a malicious bridge
> can only prevent you from connecting to peers that it doesn't like.
> 
> Most likely this is a bug in Vidalia and/or a race between Tor
> receiving descriptors and updating those cached files.

Right after sending this, Roger reminded me that this bug would have
allowed exactly what you described back in the 0.1.1.x days.
http://archives.seul.org/or/announce/Aug-2005/msg00002.html

So it's not outside of the realm of posibility, but probably is still
on the unlikely side. Keep an eye out, anyways.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100523/49a4c9a0/attachment.pgp>


More information about the tor-dev mailing list