[tor-relays] Possible problem with NYX

arisbe arisbe at cni.net
Tue Sep 4 18:28:50 UTC 2018


Thanks for this added info--it helps.


On 9/4/2018 9:36 AM, Damian Johnson wrote:
> Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel
> mentions it's simple to get this information, Nyx is simply attempting
> to scrub it cuz... well, it's ethically and legally the right thing to
> do. Nyx's 'should this be scrubbed' check is pretty simple [1].
> Inbound addresses are scrubbed if...
>
> 1. You're configured to accept user traffic (ie. you set BridgeRelay
> in your torrc or have receive the Guard flag). [2]
> 2. The connection doesn't belong to a another tor relay. [3]
>
> Does the relay show relay information such as a fingerprint? If so
> then it shouldn't be scrubbed. If it doesn't and you've set
> BridgeRelay in your torrc then please let us know on...
>
> https://trac.torproject.org/projects/tor/wiki/doc/nyx/bugs
>
> Thanks! -Damian (author of nyx and stem)
>
> [1] https://gitweb.torproject.org/nyx.git/tree/nyx/panel/connection.py#n230
> [2] https://gitweb.torproject.org/stem.git/tree/stem/control.py
> [3] In particular, we check if the address/port is in the consensus.
>
>
> On Mon, Sep 3, 2018 at 1:13 PM, arisbe <arisbe at cni.net> wrote:
>> Hello ops,
>>
>> Today I noticed something on NYX that I find disturbing.  Page 2 (list of
>> inbound/outbound connections) showed me the IP address of an inbound
>> connection on one of my bridges!  Not the authority. This is crazy as these
>> are indicated as <scrubbed>:port for the users protection!  I have never
>> seen this before and haven't seen it since.  Of course, on low usage
>> bridges, the connection IP address can possibly be disseminated from netstat
>> but that's not the point.  It's my sense that this should never happen.  I
>> get chills imagining this happening on a guard relay operated by an
>> antagonist ! !
>>
>> I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor
>> 0.3.3.9.
>>
>> Arisbe
>>
>> --
>> One person's moral compass is another person's face in the dirt.
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
One person's moral compass is another person's face in the dirt.



More information about the tor-relays mailing list