[tor-talk] tor 0.2.8.5-rc connecting to 18.0.0.1

teor teor2345 at gmail.com
Sat Aug 20 04:42:44 UTC 2016


arma wrote:

> On Fri, Aug 19, 2016 at 04:05:07AM +0100, landers at tutanota.com wrote:
> > I'd like to ask why are tor-win32-0.2.8.5-rc.zip and torbrowser-install-6.5a2_en-US.exe connecting to 18.0.0.1?
> > [...]
> > Is tor 0.2.8.5-rc binding a socket to 18.0.0.1? Or is it something else? If so, why is this not on the changelog?
> > This was a bug 4 or 5 years ago for Mac users, had a ticket and it's been solved.
> > https://trac.torproject.org/projects/tor/ticket/1827
> 
> Neat! It looks like that behavior is back.
> 
> > The simple notion that tor connects to an IP with 18.0.0.1 seems unsettling, especially when an old ticket solved the issue.
> > Although it was for Mac users, I have never encountered this behavior before when using previous versions of TBB or tor packages in Windows.
> > The other recent version "torbrowser-install-6.0.3_en-US.exe" (e8ca44a4d73bc0183973e3e7abbbaf546c2a1d2cae3df58b76e929332e02a277) simply
> > connects to 127.0.0.1; no other behavior is shown.
> 
> Sounds like a regression. A search in the code for "18.0.0.1" led me to
> get_interface_address6_via_udp_socket_hack(). Looking at the recent
> commits that mention that function we have:
> 
> https://trac.torproject.org/projects/tor/ticket/17950
> 
> and
> 
> https://trac.torproject.org/projects/tor/ticket/17951
> 
> The ChangeLog entries are:
> 
>   o Minor features (relay, address discovery):
>     - Add a family argument to get_interface_addresses_raw() and
>       subfunctions to make network interface address interrogation more
>       efficient. Now Tor can specifically ask for IPv4, IPv6 or both
>       types of interfaces from the operating system. Resolves
>       ticket 17950.
>     - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
>       fails to enumerate interface addresses using the platform-specific
>       API, have it rely on the UDP socket fallback technique to try and
>       find out what IP addresses (both IPv4 and IPv6) our machine has.
>       Resolves ticket 17951.
> 
> That second one looks very related.

You're seeing this firewall warning due to a bugfix we released in Tor 0.2.8.

Tor clients protect your anonymity across different networks by changing some details when your IP address changes. When the platform-specific functions for finding your local IP address fail, we now do an extra check to see if we can find your IP address.

I've just commented on https://trac.torproject.org/projects/tor/ticket/19945 , here's an excerpt:

Tor clients generate a new SSL certificate each time their IP address changes - this makes sure they can't be tracked across different networks. (See client_check_address_changed for details.)

Tor uses two methods to find the address, GetAdaptersAddresses and the "UDP socket hack": asking the machine the local address of a UDP socket. For the hack to work, the socket has to be associated with a public IP address. Tor never sends data on the socket, it's entirely safe to block it with your firewall. Tor's just using it to check if your local address has changed.

...

In this case, it's likely that GetAdaptersAddresses failed to return any addresses, and so the UDP socket hack is being used to find the client IP address. To confirm this, please check the info-level logs for messages like:

Unable to load iphlpapi.dll
Unable to obtain pointer to GetAdaptersAddresses
GetAdaptersAddresses failed (result:

It would be great if a Windows dev could update the code in get_interface_addresses_win32 to correctly find the IP address on newer systems. (We really, really need help from developers who can program on Windows!)

But this fix is not urgent. As far as I can tell, Tor is functioning as designed to make sure that users can't be linked when they change IP addresses. (Even though GetAdaptersAddresses isn't working.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
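
Added example, not part of the original message and not Tor's source code: the "UDP socket hack" described above, written with POSIX sockets in C. The function name and port 9 are assumptions; the target is a parameter so that the loopback case shows why a public address such as 18.0.0.1 is needed.

```c
/* Added illustration of the "UDP socket hack"; not Tor's source code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the OS which local IPv4 address it would use to reach `target`.
 * Returns 0 and fills `out` on success, -1 on failure. connect() on a
 * UDP socket only records the peer and picks a route; no packet is sent. */
int local_addr_via_udp(const char *target, char *out, size_t outlen)
{
    struct sockaddr_in peer, local;
    socklen_t len = sizeof(local);
    int rc = -1;

    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_port = htons(9);   /* assumed port; never used for traffic */
    if (inet_pton(AF_INET, target, &peer.sin_addr) != 1)
        return -1;

    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0)
        return -1;

    if (connect(fd, (struct sockaddr *)&peer, sizeof(peer)) == 0 &&
        getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, out, (socklen_t)outlen) != NULL)
        rc = 0;

    close(fd);
    return rc;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];
    /* 18.0.0.1 is the address from the thread; a loopback target only
     * ever yields 127.0.0.1, which is why a public address is needed. */
    const char *targets[] = { "18.0.0.1", "127.0.0.1" };
    for (int i = 0; i < 2; i++) {
        if (local_addr_via_udp(targets[i], addr, sizeof(addr)) == 0)
            printf("route to %-10s -> local address %s\n", targets[i], addr);
        else
            printf("route to %-10s -> no usable route\n", targets[i]);
    }
    return 0;
}
```

A firewall that hooks connect() will report the association with 18.0.0.1 even though no datagram leaves the machine.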
