Circuits being hijacked?
For all I know, this condition may be normal, but it seems odd to me and causes me to wonder if some routers have been compromised or if circuits are being hijacked.
First, I noticed that the Tor Detector sometimes reported that I was connecting from aala.MyLittleCorner.org (not sure if I remember the caps right), ip 149.9.0.25 -- which the detector said was not a valid Tor router. To add to the mystery, that router was supposedly configured as a middle-man only (reject :) in the cached-routers file.
Alarmed, I added the fingerprint for that router to the ExcludeNodes in my torrc file, cleared all the cache and state files, closed Tor, and re-started. Surprise, that router was still sometimes being reported as my exit node by the Tor detector and irc servers. Irc connections were extremely hard to come by and short-lived.
The Tor Detector page mentioned the possibility of a "multi-homed" router. Unable to find that term in the documentation, I decided to search the cache files for similar ip addresses. I found a total of five routers for ip 149.9.. -- all of them running FreeBSD i386 and Tor 0.1.0.16:
router mauger 149.9.137.153 9001 0 9030 platform Tor 0.1.0.16 on FreeBSD i386
router donk3ypunch 149.9.25.222 9001 0 9030 platform Tor 0.1.0.16 on FreeBSD i386
router TheGreatSantini 149.9.92.194 9001 0 9030 platform Tor 0.1.0.16 on FreeBSD i38
router aala 149.9.0.25 9001 0 9030 platform Tor 0.1.0.16 on FreeBSD i386
router paxprivoso 149.9.205.73 9001 0 9030 platform Tor 0.1.0.16 on FreeBSD i386
I put all their fingerprints in the ExcludeNodes setting, and since then I have not noticed the anomaly with Tor Detector, nor the unusual irc behavior.
I was using Tor 0.1.1.21 when I noticed phenomenon. It also occurred when I experimented with 0.1.1.20 and 0.1.0.17.
Is this a problem or expected behavior?
[Automatically added by flyspray2trac: Operating System: All]
Trac:
Username: anm_3418