Opened 3 years ago

Last modified 3 months ago

#19997 assigned defect

BridgeDB's get-tor-exits script doesn't account for IPv6

Reported by: isis
Owned by:
Priority: Medium
Milestone:
Component: Circumvention/BridgeDB
Version:
Severity: Major
Keywords: bridge-enumeration, ex-sponsor-19
Cc:
Actual Points:
Parent ID:
Points: 2
Reviewer:
Sponsor: Sponsor30-can

Description

As Arlo pointed out on the tor-dev mailing list, the exit-addresses script running on check.torproject.org doesn't include IPv6 exit addresses, making anything that relies upon the list unreliable. BridgeDB's scripts/get-tor-exits downloads the output of exit-addresses, and uses it to treat clients using Tor to request bridges as coming from the same address. Not taking IPv6 addresses into account will allow an adversary to use IPv6-capable tor exits to get additional bridges during a time period.

Some new script should be written to generate a list of IPv6 (optionally also IPv4 addresses, so that everything is in one document) exit addresses to fix this issue.
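The gap described in this ticket, as an added example that is not BridgeDB's or check.torproject.org's code: requests from listed exits are counted under one shared key, so an IPv4-only list leaves IPv6 exits with separate keys. The one-address-per-line list format, the function names and the `tor-exits` key are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

TOR_BUCKET = "tor-exits"  # hypothetical key shared by every client arriving via Tor

def normalize(addr):
    """Canonicalize so textual variants and IPv4-mapped IPv6 compare equal."""
    ip = ipaddress.ip_address(addr.strip("[]"))
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def parse_exit_list(text):
    """Parse an exit list with one address per line (assumed format)."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(normalize(line))
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole load
    return exits

def bucket_for(client_addr, exits):
    """Return the key under which a bridge request from client_addr is counted."""
    ip = normalize(client_addr)
    return TOR_BUCKET if ip in exits else str(ip)

def distinct_buckets(clients, exit_text):
    """Set of keys that a group of client addresses ends up counted under."""
    exits = parse_exit_list(exit_text)
    return {bucket_for(c, exits) for c in clients}

# Constructed sample data (documentation address ranges only).
V4_ONLY = "192.0.2.10\n192.0.2.11\n"
COMBINED = V4_ONLY + "2001:db8::a\n2001:0db8:0000:0000:0000:0000:0000:000b\nnot-an-ip\n"
CLIENTS = ["192.0.2.10", "::ffff:192.0.2.11", "2001:db8::a",
           "2001:db8::b", "[2001:db8:0:0::a]"]

if __name__ == "__main__":
    # IPv4-only list: the IPv6 exits each keep their own key.
    print(sorted(distinct_buckets(CLIENTS, V4_ONLY)))
    # Combined list: every Tor client collapses into the shared key.
    print(sorted(distinct_buckets(CLIENTS, COMBINED)))
```

Comparing parsed address objects rather than strings is what makes the expanded, bracketed and IPv4-mapped spellings match their list entries.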

Change History (3)

comment:1 Changed 7 months ago by gaba

Owner: isis deleted
Points: 2
Sponsor: Sponsor19
Status: new → assigned

comment:2 Changed 3 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:3 Changed 3 months ago by phw

Sponsor: Sponsor19 → Sponsor30-can

Moving from Sponsor 19 to Sponsor 30.
