Opened 4 years ago

Last modified 6 months ago

#19997 new defect

BridgeDB's get-tor-exits script doesn't account for IPv6

Reported by: isis
Owned by:
Priority: Medium
Milestone:
Component: Circumvention/BridgeDB
Version:
Severity: Major
Keywords: bridge-enumeration, ex-sponsor-19
Cc:
Actual Points:
Parent ID:
Points: 2
Reviewer:
Sponsor: Sponsor30-can


As Arlo pointed out on the tor-dev mailing list, the exit-addresses script running on doesn't include IPv6 exit addresses, making anything that relies upon the list unreliable. BridgeDB's scripts/get-tor-exits downloads the output of exit-addresses, and uses it to treat clients using Tor to request bridges as coming from the same address. Not taking IPv6 addresses into account will allow an adversary to use IPv6-capable tor exits to get additional bridges during a time period.

Some new script should be written to generate a list of IPv6 (optionally also IPv4 addresses, so that everything is in one document) exit addresses to fix this issue.
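The effect described in the ticket, as an added example that is not BridgeDB's code: clients are mapped to a rate-limiting bucket, and every address found in the exit list shares one bucket. The one-address-per-line list format, the function names and the `tor-exits` label are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress

TOR_BUCKET = "tor-exits"  # hypothetical label for the shared Tor-client bucket

# Constructed sample lists (documentation address ranges, not real exits).
IPV4_ONLY = "192.0.2.10\n198.51.100.7\n"
COMBINED = IPV4_ONLY + "# IPv6 exits\n2001:db8::10\n2001:db8::20\n"

# Constructed client addresses: one plain IPv4 exit, one IPv4 exit seen as an
# IPv4-mapped IPv6 address, and two IPv6 exits (one in non-canonical spelling).
CLIENTS = ["192.0.2.10", "::ffff:198.51.100.7", "2001:db8::10", "2001:DB8:0:0::20"]


def normalize(addr):
    """Return a canonical address object, unwrapping IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def load_exit_list(text):
    """Parse one address per line (IPv4 or IPv6); skip blanks and comments."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(normalize(line))
        except ValueError:
            continue  # skip malformed entries instead of aborting the load
    return exits


def client_bucket(addr, exits):
    """All known exits share one bucket; other clients are keyed by address."""
    ip = normalize(addr)
    return TOR_BUCKET if ip in exits else str(ip)


def distinct_buckets(clients, exits):
    return {client_bucket(c, exits) for c in clients}


if __name__ == "__main__":
    print(sorted(distinct_buckets(CLIENTS, load_exit_list(IPV4_ONLY))))
    print(sorted(distinct_buckets(CLIENTS, load_exit_list(COMBINED))))
```

With the IPv4-only list the two IPv6 exits each land in their own bucket; with the combined list all four clients collapse into the single Tor bucket.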

Change History (4)

comment:1 Changed 19 months ago by gaba

Owner: isis deleted
Points: 2
Sponsor: Sponsor19
Status: new → assigned

comment:2 Changed 15 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:3 Changed 15 months ago by phw

Sponsor: Sponsor19 → Sponsor30-can

Moving from Sponsor 19 to Sponsor 30.

comment:4 Changed 6 months ago by teor

Status: assigned → new

Change tickets that are assigned to nobody to "new".