BOGUS AUTHORITY ALERT: interesting cached-status/1A0999C05AE2B9A3CF474077F06060E91B3A847 file

Kyle Williams kyle.kwilliams at gmail.com
Tue Apr 1 03:24:10 UTC 2008


Scott Bennett wrote:
>      It has now been several hours since I posted a message about an impostor
> authority.  Having received no response thus far from the list, I am reposting
> the message below with a stronger Subject: line.  I'd also like to make the
> additional comment that I would very much like to see a torrc line available,
> similar to ExcludeNodes, that would allow individual tor operators to ignore
> specific directory servers when those operators decide there is a problem with
> those servers.  For example, "ExcludeAuthorities" would refuse to accept status
> or consensus documents from the listed servers.  "ExcludeDirectoryNodes" would
> refuse to contact the DirPort of each listed server.
> 
> 					Scott
>    ---------------------------------------------------------------------
>      This cached-status file begins with:
> 
> dir-source s15192785 212.227.86.59 9030
> fingerprint 1A0999C05AE2B9A3CF474077F06060E91B3A847B
> contact Random Person <stfu at tor.invalid>
> published 2008-03-29 09:54:11
> dir-options
> dir-signing-key
> -----BEGIN RSA PUBLIC KEY-----
> MIGJAoGBAM8/5QA67aqGKO8z65hB+noDVOjZaZg1FAzou5wHlx0Q8UgfCmwVbCE0
> tvd1hP2pBl0+4vHaYE0/p2DDll2Zn2BjBdQcI4AYcPA1CjlYdDNl316d3PwTVArc
> OpfckZireM0LprNId0PXSycKmwmWxeX88t66eNGyFxnsjamK2k3ZAgMBAAE=
> -----END RSA PUBLIC KEY-----
> 
> The above lines are then followed by the usual "r" and "s" lines, but oddly
> enough, no "opt" lines.  Usually I see three lines (one of each of the above)
> for each router.
>      However, looking for that IP address (212.227.86.59) in this section, I
> find not "s15192785", but "abutor":
> 
> r abutor GgmZwFriuaPPR0B38GBg6Rs6hHs 4Oj8zvA0SAIoRuEI2y9MsGYsBk4 2008-03-28 21:07:43 212.227.86.59 9001 9030
> s Authority Fast Stable Running Valid V2Dir
> 
> Notice the "Authority" flag in the "r" line above.  This flag does not appear
> for this router in any of the other four cached-status files.
>      So how do I block this bogus cached-status file and its illegitimate
> "Authority" flag for a screwed up router with bad contact information?
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
> 
> 

Very interesting, and thank you very much for keeping an eye on this for 
the rest of us.  I was wondering why I was getting weird error messages 
about not being able to match some descriptors in my tor.log file, but I 
didn't save it so I can't compare it to your findings.

I'll keep my eye out now for sure though....thanks again.

- Kyle
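
An added example, not part of either poster's message and not Tor's own code: a Python check that compares the "s" flags for each router across several cached-status documents and reports any source that asserts "Authority" while being outside the operator's trusted set or unconfirmed by a majority of the other sources. The function names, the trusted-fingerprint set and every sample value are assumptions constructed for illustration; only the line layout follows the excerpt quoted above.

```python
from collections import defaultdict

def parse_status(text):
    """Parse one status document -> (source fingerprint, {identity: (nick, ip, flags)})."""
    source, routers, pending = None, {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "fingerprint":
            source = parts[1]
        elif len(parts) >= 9 and parts[0] == "r":
            pending = (parts[2], parts[1], parts[6])   # identity, nickname, IP
            routers[pending[0]] = (pending[1], pending[2], frozenset())
        elif parts and parts[0] == "s" and pending:
            routers[pending[0]] = (pending[1], pending[2], frozenset(parts[1:]))
            pending = None
    return source, routers

def suspicious_authority_flags(docs, trusted):
    """Return sorted (source, nickname, ip, reason) for doubtful Authority claims."""
    claims = defaultdict(dict)          # identity -> {source: (nick, ip, claimed)}
    for text in docs:
        source, routers = parse_status(text)
        for ident, (nick, ip, flags) in routers.items():
            claims[ident][source] = (nick, ip, "Authority" in flags)
    findings = []
    for by_source in claims.values():
        asserting = [s for s, c in by_source.items() if c[2]]
        for s in asserting:
            nick, ip, _ = by_source[s]
            if s not in trusted:
                findings.append((s, nick, ip, "source not in trusted set"))
            elif 2 * len(asserting) <= len(by_source):
                findings.append((s, nick, ip, "flag not confirmed by majority"))
    return sorted(findings)

def make_doc(source, flags):
    # Constructed sample in the layout quoted above; all values are made up.
    return (f"dir-source example 192.0.2.10 9030\nfingerprint {source}\n"
            f"r relayA AAAAidentity BBBBdigest 2008-03-28 21:07:43 192.0.2.10 9001 9030\n"
            f"s {flags}\n")

# One constructed document claims Authority; four others do not.
SAMPLE_DOCS = [make_doc("FP_ROGUE", "Authority Fast Running Valid V2Dir")] + [
    make_doc(f"FP_TRUSTED_{i}", "Fast Running Valid V2Dir") for i in range(1, 5)]
TRUSTED = {f"FP_TRUSTED_{i}" for i in range(1, 5)}   # assumed operator-maintained set

if __name__ == "__main__":
    for finding in suspicious_authority_flags(SAMPLE_DOCS, TRUSTED):
        print(finding)
```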


