#25833 closed defect (not a bug)

GEOIP of exit node returns country different from the one detected by a website. May be a MiTM

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

It may be a MiTM attempt:
browser <-> Tor <-> malicious exit node <-> Tor <-> exit node <-> website

This way a malicious exit node can analyze traffic or inject malware offloading most of legal risks to another exit node.

Child Tickets

Change History (3)

comment:1 Changed 12 months ago by cypherpunks

Summary: GEOIP of exit node returns country different from the one detected by a websiteGEOIP of exit node returns country different from the one detected by a website. May be a MiTM

comment:2 Changed 12 months ago by cypherpunks

The proposed approach is to ban such kind of exit nodes.

comment:3 Changed 12 months ago by teor

Component: Core TorCore Tor/Tor
Resolution: not a bug
Status: newclosed

Geoip is inaccurate, and different sources assign different countries to the same IP address.
It is particularly inaccurate for tor relays, because most geoip services are used for targeted advertising for residential IP addresses.
This is not a bug in tor, and it probably isn't a bug in the website either.

Note: See TracTickets for help on using tickets.