bogus IP address / clock change from authority server
Today I found messages about bogus IP address and clock changes in my relay log (see attachment). My node: https://atlas.torproject.org/#details/4E8CE6F5651E7342C1E7E5ED031E82078134FB0D
This caused the HSDir flag of my relay to be removed...
Trac:
Username: rene0
Activity
changed milestone to %Tor: unspecified
Trac:
Username: rene0-
Same problem here with https://atlas.torproject.org/#details/953DB709F2A2DECC8D7560661F934E64411444F7
Jun 09 12:21:50.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225). Jun 09 12:21:51.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 09 12:21:54.000 [notice] Performing bandwidth self-test...done. Jun 09 12:22:51.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 86.59.21.38). Jun 09 12:22:51.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 09 12:22:51.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Jun 09 12:23:52.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225). Jun 09 12:23:52.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 09 12:24:10.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 154.35.175.225). Jun 09 12:24:10.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Jun 09 12:25:00.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Trac:
Username: pterjan A while ago Faravahar seen an IP change on one of my relays too, and the IP did not change at all (it couldn't have). There is something weird with faravahar reaching relays (or at least some of them). interested people might want to look into #15500 (moved) as well - ticket describes how faravahar is voting Stable and HSDir in a much smaller number as opposite to the other directory authorities.
Faravahar went under a DDoS attack and I switched the upstream provider, also put the system behind a hardware ddos mitigation device and got a new IP.
Apparently at some point, caching was enabled to improve the service by my provider on the HTTP port, which caused issues with the X-Your-Address-Is header.
I made tickets and made sure that this does not happen, I don't expect to see this issue again, you can test it by sending GET requests to 154.35.175.225.
Having said that, if someone connects to the old IP still, because the traffic is being forwarded using NAT rules, the X-Your-Address-Is shows this: < X-Your-Address-Is: 154.35.32.5
I am hoping to turn off the OLD IP and the NAT rules soon, as it has already been about 12 months. But the new/current IP functions properly. (154.35.175.225)
Trac:
Severity: N/A to NormalI've logged #17605 (moved) to address the root cause of this issue - we could add cache directives to the headers of all directory documents served by tor to avoid caching the X-Your-IP-Address-Is header (or, perhaps, avoid caching any directory document).
inf0, are you OK to close this now?
We have a suggested mitigation on the relay side in #17782 (moved): "Maybe a NATed OR should self-test its reachability before advertising the new IP address."
Trac:
Status: new to needs_informationmentioned in issue #17605 (moved)
mentioned in issue #17782 (moved)
moved to tpo/core/tor#16205 (closed)
mentioned in issue tpo/core/tor#17605 (closed)
