another unusual connection

Roger Dingledine arma at mit.edu
Mon Jan 28 03:33:43 UTC 2008


On Sun, Jan 27, 2008 at 10:42:14PM +0000, john smith wrote:
> another recurrence of the same type of unusual connection.
> i include the time the server started in the log below. the connection
> through 212.112.242.159 persists for a much longer period of time on
> this occassion (the 'scrubbed' connection did not occur last time).

Neat. So it was 212.112.242.159 in both cases?

New theory: in rare cases, Tor servers (like maximator) lie to directory
clients about what IP address they appear to have, due to iptables
confusion or something similar. More specifically, it claims that
everybody looks like itself. Then Tor servers that don't know their own
address get suckered into thinking they switched.

If this is actually the bug, I'll have to ponder how to fix it well. We
could require several places to agree before we think we should switch;
but that would slow down reaction times considerably. We could only
believe answers from authorities; but I don't want to preclude better
load balancing. We could ignore it when we ask a directory mirror at IP
address X and he says we look like we're coming from IP address X;
that's probably a good idea, and I should add a check for this. Then we
can see if that check ever triggers.

Please let me know if it happens more (or if other people experience it
and can provide more details!), and maybe we'll narrow in further.

Thanks,
--Roger



More information about the tor-talk mailing list