[tor-relays] Possible problem with NYX
Damian Johnson
atagar at torproject.org
Tue Sep 4 16:36:31 UTC 2018
Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel
mentions it's simple to get this information, Nyx is simply attempting
to scrub it cuz... well, it's ethically and legally the right thing to
do. Nyx's 'should this be scrubbed' check is pretty simple [1].
Inbound addresses are scrubbed if...
1. You're configured to accept user traffic (ie. you set BridgeRelay
in your torrc or have receive the Guard flag). [2]
2. The connection doesn't belong to a another tor relay. [3]
Does the relay show relay information such as a fingerprint? If so
then it shouldn't be scrubbed. If it doesn't and you've set
BridgeRelay in your torrc then please let us know on...
https://trac.torproject.org/projects/tor/wiki/doc/nyx/bugs
Thanks! -Damian (author of nyx and stem)
[1] https://gitweb.torproject.org/nyx.git/tree/nyx/panel/connection.py#n230
[2] https://gitweb.torproject.org/stem.git/tree/stem/control.py
[3] In particular, we check if the address/port is in the consensus.
On Mon, Sep 3, 2018 at 1:13 PM, arisbe <arisbe at cni.net> wrote:
> Hello ops,
>
> Today I noticed something on NYX that I find disturbing. Page 2 (list of
> inbound/outbound connections) showed me the IP address of an inbound
> connection on one of my bridges! Not the authority. This is crazy as these
> are indicated as <scrubbed>:port for the users protection! I have never
> seen this before and haven't seen it since. Of course, on low usage
> bridges, the connection IP address can possibly be disseminated from netstat
> but that's not the point. It's my sense that this should never happen. I
> get chills imagining this happening on a guard relay operated by an
> antagonist ! !
>
> I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor
> 0.3.3.9.
>
> Arisbe
>
> --
> One person's moral compass is another person's face in the dirt.
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list