Opened 2 years ago

Closed 2 years ago

#22300 closed defect (not a bug)

DNSstuff (http://www.dnsstuff.com/) occasionally indicates a different IP address from the exit node IP address indicated in the Torbutton menu

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Configuration: Tor Browser 6.5.2 for Linux (32-bit.) Tor Browser is being used under Xubuntu Linux 16.04.2 LTS. Under the Torbutton menu item "Security Settings...", the Security Level slider is set to "Low (default)". In NoScript, scripts are globally enabled. HTTPS Everywhere has been updated to 5.2.16.

The main DNSstuff page (http://www.dnsstuff.com/) has an area near the top of the page where the page shows the user's IP address and the location (as determined by DNSstuff) for the IP address. When connecting to this DNSstuff page with Tor Browser, one would expect the indicated IP address on the DNSstuff page to be the same as the IP address for the Tor exit node used.

When the Torbutton (green onion) icon in Tor Browser is clicked, the browser displays a menu that shows, among other things, the current Tor circuit under the "Tor circuit for this site" heading. In the Tor circuit information, three IP addresses are listed, each with a location, and from what one understands, the third IP address is the IP address for the exit node.

In almost all instances, the DNSstuff page shows the same IP address as that indicated for the exit node in the Torbutton menu.

On occasion, however, it appears that the DNSstuff page will indicate an IP address that is different from the one for the Tor exit node that is indicated in the Torbutton menu. It may be possible to reproduce this issue by doing the following:

  1. Load Tor Browser
  2. Go to http://www.dnsstuff.com/
  3. Once the IP address information is displayed at the top of the page, click the Torbutton (green onion) icon in the browser and compare the third IP address (that of the exit node) to the IP address that is displayed at the top of the DNSstuff page.
  4. If the two IP addresses match, choose "New Tor Circuit for this Site" from the Torbutton menu, which should cause the page to reload via a new Tor circuit. Then go to step 3.

To reproduce the issue, it may be necessary to repeat the steps may times, i.e. more than 20 times.

For example, in one case, the Torbutton menu indicated an exit node IP of 193.90.12.90 and the location Norway, whereas the DNSstuff page indicated an IP address of 209.133.66.214 and the location Chicago, Illinois (US). According to a Tor node checker at https://www.dan.me.uk/torcheck, both IP addresses are for Tor nodes.

As a second example, the situation happened where the Torbutton menu indicated an exit node IP of 185.170.41.8 and the location Panama, whereas the DNSstuff page indicated an IP address of 37.187.129.166 and the location Roubaix, Hauts-de-France (FR). According to a Tor node checker at https://www.dan.me.uk/torcheck, the IP address 185.170.41.8 is a Tor node, but 37.187.129.166 is not a Tor node.

As a third example, the situation happened where the Torbutton menu indicated an exit node IP of 193.15.16.4 and the location Sweden, whereas the DNSstuff page indicated an IP address of 178.239.50.48 and the location Spijkenisse, Zuid-Holland (NL). According to a Tor node checker at https://www.dan.me.uk/torcheck, the IP address 193.15.16.4 is a Tor node, but 178.239.50.48 is not a Tor node.

As a fourth example, the situation happened where the Torbutton menu indicated an exit node IP of 173.254.216.67 and the United States, whereas the DNSstuff page indicated an IP address of 173.254.216.66 and the location Los Angeles, California (US). According to a Tor node checker at https://www.dan.me.uk/torcheck, the IP address, both IP addresses are for Tor nodes.

Child Tickets

Change History (1)

comment:1 Changed 2 years ago by yawning

Resolution: not a bug
Status: newclosed

This less a bug and more a limitation of what information is available to Tor Browser through the tor daemon.

The circuit display's idea of an node's IP address is based off the address that the ORPort is listening on, because that's the only information contained in the directory documents. There's no requirement for any node to use the same address that the ORPort is on, to make outgoing connections (this applies to all nodes, but is particularly relevant for exits). So any Exit IP listing will always give incorrect results, if the only data source is "the list of ORPort IPs".

Some of the other tools like check.tp.o attempt to discern the true exit IP by building test circuits through the network, however that approach is entirely inappropriate for something to include in Tor Browser. See https://gitweb.torproject.org/tordnsel.git/tree/src/TorDNSEL/ExitTest for an example of how this is implemented.

Note: See TracTickets for help on using tickets.