Opened 4 years ago

Closed 2 years ago

#16205 closed defect (duplicate)

bogus IP address / clock change from authority server

Reported by: rene0
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: 0.2.6.7
Severity: Normal
Keywords: tor-03-unspecified-201612
Cc: inf0
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Today I found messages about bogus IP address and clock changes in my relay log (see attachment). My node:
https://atlas.torproject.org/#details/4E8CE6F5651E7342C1E7E5ED031E82078134FB0D

This caused the HSDir flag of my relay to be removed...

Attachments (1)

tor-weirdness.txt (1.8 KB) - added by rene0 4 years ago.
snippet of arm log (edited)

Change History (11)

Changed 4 years ago by rene0

Attachment: tor-weirdness.txt added

snippet of arm log (edited)

comment:1 Changed 4 years ago by pterjan

Same problem here with https://atlas.torproject.org/#details/953DB709F2A2DECC8D7560661F934E64411444F7

Jun 09 12:21:50.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225).
Jun 09 12:21:51.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jun 09 12:21:54.000 [notice] Performing bandwidth self-test...done.
Jun 09 12:22:51.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 86.59.21.38).
Jun 09 12:22:51.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jun 09 12:22:51.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Jun 09 12:23:52.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225).
Jun 09 12:23:52.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jun 09 12:24:10.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 154.35.175.225).
Jun 09 12:24:10.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jun 09 12:25:00.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
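
As an added illustration (not part of the ticket or of tor), this Python sketch runs three checks over the address-change notices quoted in comment:1: how often the address flips straight back, which sources reported more than one address for the relay, and which addresses only one source vouched for. The function names are hypothetical, and the regular expression assumes the notice format shown above.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Notices copied from comment:1 (four address changes, one unrelated line).
SAMPLE_LOG = """\
Jun 09 12:21:50.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225).
Jun 09 12:21:54.000 [notice] Performing bandwidth self-test...done.
Jun 09 12:22:51.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 86.59.21.38).
Jun 09 12:23:52.000 [notice] Our IP Address has changed from 149.18.2.82 to 91.5.121.93; rebuilding descriptor (source: 154.35.175.225).
Jun 09 12:24:10.000 [notice] Our IP Address has changed from 91.5.121.93 to 149.18.2.82; rebuilding descriptor (source: 154.35.175.225).
"""

CHANGE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) \[notice\] Our IP Address has changed "
    r"from (?P<old>\S+) to (?P<new>\S+); rebuilding descriptor "
    r"\(source: (?P<source>[^)]+)\)\.$"
)

class Change(NamedTuple):
    ts: str
    old: str
    new: str
    source: str

def parse_changes(log):
    """Return the address-change notices found in a notice log, in order."""
    matches = (CHANGE_RE.match(line.strip()) for line in log.splitlines())
    return [Change(**m.groupdict()) for m in matches if m]

def count_reversals(changes):
    """Count changes that exactly undo the previous one (A->B, then B->A)."""
    return sum(1 for prev, cur in zip(changes, changes[1:])
               if (cur.old, cur.new) == (prev.new, prev.old))

def inconsistent_sources(changes):
    """Sources that told this relay it has more than one address."""
    told = defaultdict(set)
    for c in changes:
        told[c.source].add(c.new)
    return {s: sorted(a) for s, a in told.items() if len(a) > 1}

def single_source_addresses(changes):
    """Addresses that only one source ever vouched for, mapped to that source."""
    vouchers = defaultdict(set)
    for c in changes:
        vouchers[c.new].add(c.source)
    return {a: min(s) for a, s in vouchers.items() if len(s) == 1}
```

On the notices above, the only address with a single voucher is 91.5.121.93, and the same source also reported the other address within minutes.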

comment:2 Changed 4 years ago by arma

Cc: inf0 added

Sina: we've gotten several more reports like this one recently. They all seem to involve Faravahar in some way.

Do you think it might have to do with your front-end experimental ddos protection stuff?

comment:3 Changed 4 years ago by s7r

A while ago Faravahar saw an IP change on one of my relays too, and the IP did not change at all (it couldn't have). There is something weird with Faravahar reaching relays (or at least some of them). Interested people might want to look into #15500 as well; that ticket describes how Faravahar is voting Stable and HSDir in a much smaller number as opposed to the other directory authorities.

comment:4 Changed 4 years ago by teor

Milestone: Tor: 0.2.???

comment:5 Changed 4 years ago by inf0

Severity: Normal

Faravahar came under a DDoS attack and I switched the upstream provider, also put the system behind a hardware DDoS mitigation device and got a new IP.

Apparently at some point, caching was enabled to improve the service by my provider on the HTTP port, which caused issues with the X-Your-Address-Is header.

I made tickets and made sure that this does not happen. I don't expect to see this issue again; you can test it by sending GET requests to 154.35.175.225.

Having said that, if someone connects to the old IP still, because the traffic is being forwarded using NAT rules, the X-Your-Address-Is shows this:
< X-Your-Address-Is: 154.35.32.5

I am hoping to turn off the OLD IP and the NAT rules soon, as it has already been about 12 months. But the new/current IP functions properly. (154.35.175.225)

comment:6 Changed 4 years ago by teor

I've logged #17605 to address the root cause of this issue - we could add cache directives to the headers of all directory documents served by tor to avoid caching the X-Your-IP-Address-Is header (or, perhaps, avoid caching any directory document).
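
A minimal model of the failure discussed in comments 5 and 6, added here as an example and not taken from tor or from Faravahar's configuration: a shared cache keyed on the path replays the first requester's X-Your-Address-Is value to later clients unless the response carries `no-store` or `private`. The classes, the client addresses and the choice of path are assumptions made for the illustration.

```python
PATH = "/tor/status-vote/current/consensus"  # illustrative directory URL

class Origin:
    """Stand-in for a directory port that echoes the peer address back."""
    def __init__(self, cache_control=None):
        self.cache_control = cache_control

    def handle(self, path, peer_ip):
        headers = {"X-Your-Address-Is": peer_ip}
        if self.cache_control:
            headers["Cache-Control"] = self.cache_control
        return headers, "<directory document for %s>" % path

class SharedCache:
    """Toy front-end cache keyed on the path only (hypothetical model)."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}

    def get(self, path, peer_ip):
        if path in self.store:                      # hit: stored headers are replayed
            return self.store[path]
        headers, body = self.origin.handle(path, peer_ip)
        directives = {d.strip().lower()
                      for d in headers.get("Cache-Control", "").split(",")}
        if not directives & {"no-store", "private"}:
            self.store[path] = (headers, body)      # whole response, headers included
        return headers, body

def address_seen_by_second_client(cache_control=None):
    """Two clients fetch the same path; return what the second one is told."""
    cache = SharedCache(Origin(cache_control))
    cache.get(PATH, "192.0.2.10")                   # constructed first client
    headers, _ = cache.get(PATH, "198.51.100.7")    # constructed second client
    return headers["X-Your-Address-Is"]
```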

comment:7 Changed 4 years ago by teor

Status: new → needs_information

inf0, are you OK to close this now?

We have a suggested mitigation on the relay side in #17782:
"Maybe a NATed OR should self-test its reachability before advertising the new IP address."

comment:8 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:9 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:10 Changed 2 years ago by nickm

Resolution: duplicate
Status: needs_information → closed