Dupe named exit nodes, friend or foe?

Scott Bennett bennett at cs.niu.edu
Sun Jun 14 09:06:58 UTC 2009

     On Sun, 14 Jun 2009 04:53:51 -0400 pigpoked at Safe-mail.net wrote:
>Twice, I've received the, "Sorry, you're not using tor" message on the tor check page. I checked one tor node listing website, the exit node IP listed on the "Sorry" page was a recently added exit node which had a duplicate name of another exit node. This duplicate exit node was listed as down, the other real exit node was up but with a different IP. I searched my cached listings in ~/.tor and this "Sorry" paged duplicate named "down" node was listed within the recent "new" listing of nodes.
>How is it I was using a dupe node? How is it a node listed as down could be in use? How is it a node with a duplicate name with a different IP from the other preexisting node could exist? From this information, I would consider this a bad exit node, but I need input. I didn't retain the dupe node name, IP, or fingerprint. Is this behavior normal or expected? If this is rogue behavior, do we report these findings to this list or if these nodes are bad are they automatically culled?
     It's normal, if somewhat unfortunate.  If you recall the thread I started
several weeks ago about the huge numbers of nodes named "tbreg", then be
advised that the current directory and consensus information are still full of
them.  tor uses the key fingerprint as the node's "real" identifier.  The
name gotten from the Nickname line in torrc is just an attempt to be easier on
humans' eyes.  Many nodes with unique key fingerprints can all be configured
to use the same Nickname, but because tor uses the fingerprints, rather than
the Nickname fields, to distinguish between nodes, there is no conflict.
     The other piece of the story is that if someone is using a prepackaged
tor configuration, like the "tbreg" nodes appear to be, it might also be set
up such that the OR's keys are destroyed every time it is shut down.  If that
is indeed the case, then new keys will be generated each time tor is started,
thus leading to publication of a new descriptor each time.  If the IP address
has remained unchanged from one startup to the next, then it will appear that
many separate tor instances share the same IP address, even though that isn't
really what is going on.  Essentially, such packages make tor relays disposable
entities whose lifespans are equal to the lifespans of particular instances
of tor.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
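
The point made in the message above, that relays are told apart by key fingerprint rather than by Nickname, as an added example that is not part of the original post. It groups router status entries by nickname and by address; the sample entries are constructed, and the `r` line layout is assumed to be that of the v3 consensus format.

```python
import base64
import hashlib
from collections import defaultdict

def _ident(seed):
    """Constructed 20-byte digest, base64 without padding as it appears in 'r' lines."""
    return base64.b64encode(hashlib.sha1(seed.encode()).digest()).decode().rstrip("=")

# Constructed sample, not real relays. Addresses come from documentation ranges.
SAMPLE = "\n".join(
    f"r {nick} {_ident(seed)} {_ident('d' + seed)} 2009-06-14 08:00:00 {ip} 9001 0"
    for nick, seed, ip in [
        ("tbreg", "key-a", "192.0.2.10"),
        ("tbreg", "key-b", "192.0.2.10"),    # same host, restarted with fresh keys
        ("tbreg", "key-c", "198.51.100.7"),  # different host, same packaged Nickname
        ("uniquerelay", "key-d", "203.0.113.5"),
    ]
)

def parse_r_lines(text):
    """Yield (nickname, hex_fingerprint, ip) for each router status entry."""
    for line in text.splitlines():
        parts = line.split()
        # r <nickname> <identity> <digest> <date> <time> <ip> <orport> <dirport>
        if len(parts) < 9 or parts[0] != "r":
            continue
        nickname, identity, ip = parts[1], parts[2], parts[6]
        pad = "=" * (-len(identity) % 4)  # restore the stripped base64 padding
        yield nickname, base64.b64decode(identity + pad).hex().upper(), ip

def group(text):
    """Return (nickname -> fingerprints, ip -> fingerprints)."""
    by_nick, by_ip = defaultdict(set), defaultdict(set)
    for nick, fp, ip in parse_r_lines(text):
        by_nick[nick].add(fp)
        by_ip[ip].add(fp)
    return by_nick, by_ip

def shared(mapping):
    """Keep only keys that map to more than one distinct fingerprint."""
    return {k: sorted(v) for k, v in mapping.items() if len(v) > 1}

if __name__ == "__main__":
    by_nick, by_ip = group(SAMPLE)
    for nick, fps in shared(by_nick).items():
        print(f"nickname {nick!r} is used by {len(fps)} distinct fingerprints")
    for ip, fps in shared(by_ip).items():
        print(f"address {ip} has published {len(fps)} distinct fingerprints")
```
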
