A attack aganist Tor?

Mike Perry mikeperry at fscked.org
Sun May 23 18:42:24 UTC 2010

Thus spake Mike Perry (mikeperry at fscked.org):

> Thus spake torsecurity (torbridges.security at gmail.com):
> > I use a tor bridge (freedomwithwall) connecting to Tor and it seems
> > doing well. But when I observe ( four) circuits  the Tor created, I
> > find the second and the last tor nodes do not exsit! Their nicknames
> > are not in the cached-descriptors or cached-descriptors.new files.
> > The Vidalia can not show their IPs also, just show the
> > freedomwithwall's IP.
> > 
> > I have never seen this happen before.
> > 
> > Is the bridge freedomwithwall a mallicious node and the middle and
> > exit nodes are fake?
> Barring some serious vulnerability the likes of which we haven't yet
> seen, Tor cannot extend to relays without knowing their public key,
> even if you are using a malicious bridge. At best, a malicious bridge
> can only prevent you from connecting to peers that it doesn't like.
> Most likely this is a bug in Vidalia and/or a race between Tor
> receiving descriptors and updating those cached files.

Right after sending this, Roger reminded me that this bug would have
allowed exactly what you described back in the 0.1.1.x days.

So it's not outside of the realm of posibility, but probably is still
on the unlikely side. Keep an eye out, anyways.

Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100523/49a4c9a0/attachment.pgp>

More information about the tor-dev mailing list