[tor-dev] multiple relay identities on a single IP:port, bug or feature?

isis isis at torproject.org
Wed Sep 16 21:23:14 UTC 2015

nusenu transcribed 2.5K bytes:
> Hi,
> in the last two days someone started generating a steady amount of new
> relay fingerprints on a single IP:port (2 per hour, actually a lot more
> than that but only to make it into the consensus) [1].
> I'm surprised that actually both of them end up in the consensus.
> example:
> https://collector.torproject.org/recent/relay-descriptors/consensuses/2015-09-15-22-00-00-consensus
> search for " 51256" - you will find it twice.
> Does that make sense or is this a bug?

Hey nusenu,

The normal setting for AuthDirMaxServersPerAddr is 2, so a relay can use the
same IP twice.  See get_possible_sybil_list(). [0]  We don't check whether the
same IP:port pair was used multiple times, (I would assume) because 1) you
can't bind to the same port twice, and 2) even if you could, you'd reply half
the time with the wrong set of keys and the other end would tear down the
circuit/connection.  You're right that this relay shouldn't be in the
consensus twice (or at all).

FWIW, my guess it that that relay is trying to attack the HSDir hashring by
churning through ID keys, rather than actually trying to get multiple copies
of the same IP:port pair listed in the consensus.

[0]: https://gitweb.torproject.org/tor.git/tree/src/or/dirserv.c?id=c84f3c91#n2085

Best Regards,
 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150916/c522c21e/attachment.sig>

More information about the tor-dev mailing list