Opened 7 years ago

Closed 6 years ago

#7348 closed defect (fixed)

Discuss strategies for detecting the probe's IP address

Reported by: hellais | Owned by: hellais
Priority: Medium | Milestone:
Component: Archived/Ooni | Version:
Severity: | Keywords: ooni_research
Cc: ioerror, isis, aagbsn | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:

Description

Currently we detect the client IP by doing an HTTPS request to https://check.torproject.org/ and parsing the content of this page.

This can be a problem since it allows an attacker to fingerprint OONIProbe based on the fact that it does this lookup when a test is run. What other strategies can we use to avoid this?

Child Tickets

Ticket | Status | Owner | Summary | Component
#8191 | closed | hellais | Implement probe IP address lookup via geoip.ubuntu.com/lookup | Archived/Ooni

Change History (7)

comment:1 Changed 7 years ago by ioerror

Building a Tor circuit will tell us our own IP - this means that we can connect to a Tor bridge and ask it what it sees as our IP. Combined with looking at the IP on our own interface, we can see if it matches.

comment:2 Changed 7 years ago by hellais

Keywords: ooni_research added

comment:3 Changed 7 years ago by hellais

Another strategy would be to use the geoip service of Ubuntu:

http://geoip.ubuntu.com/lookup

A request to such a service is done by all Ubuntu desktops on first boot, so it does not appear to be something particularly suspicious.

comment:4 Changed 7 years ago by arma

Arturo: I recall telling you in Amsterdam that 'getinfo address' wouldn't work on non-relays. I just looked into it more, and it should. But it won't work until the Tor client has done some directory fetch.

I opened #8214 for what I think is what you should want.

comment:5 Changed 6 years ago by hellais

Cc: aagbsn added

We discussed with @ioerror implementing a series of strategies for detecting the probe's IP address.

In sequence we will attempt to detect the probe IP address via:

  • If Tor is running and we have access to the control port via "getinfo address"
  • By performing a UDP traceroute and considering the first hop in public IP space as the IP address of the probe
  • By using a geoip lookup service (for example what is detailed in #8191)

@ioerror:
What should be the destination IP and port of the UDP traceroute?

comment:6 in reply to:  5 Changed 6 years ago by ioerror

Replying to hellais:

> We discussed with @ioerror implementing a series of strategies for detecting the probe's IP address.
>
> In sequence we will attempt to detect the probe IP address via:
>
>   • If Tor is running and we have access to the control port via "getinfo address"
>   • By performing a UDP traceroute and considering the first hop in public IP space as the IP address of the probe
>   • By using a geoip lookup service (for example what is detailed in #8191)
>
> @ioerror:
> What should be the destination IP and port of the UDP traceroute?

That sounds mostly accurate - that is - there are some IP address lookup systems - we should enumerate a few of the most popular, write a small bit of code to get our IP from each one and then use some of those for the third step.

As far as the UDP traceroute - I think we can literally just randomly generate a few IP addresses and trace to them. It only needs to get past the first four hops for the returned data to be useful. The first three usually include RFC 1918 addresses or (as was the case in Burma) sometimes bogus IP addresses that aren't actually properly routed. In Burma, they just used a public IP of uunet (!) for their IP - since it all goes through a filter, the filter just rewrote the entire thing and no one seems to care at all.

We could also perform a UDP traceroute to any of the geoip lookup services once we enumerate the names and IP addresses.
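
An added example, not OONI's code: the lookup order from comment 5 written in Python and run over constructed inputs. The function names, the sample control-port replies and hop list, and the list of ranges treated as non-public are assumptions of this example; documentation addresses stand in for public ones.

```python
import ipaddress
import re
from typing import Iterable, Optional, Tuple

# Ranges treated as not public: RFC 1918, carrier-grade NAT (RFC 6598),
# loopback and link-local. The list is this example's assumption.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample inputs; documentation addresses stand in for public ones.
REPLY_OK = "250-address=203.0.113.7\r\n250 OK\r\n"
REPLY_UNKNOWN = "551 Address unknown\r\n"
HOPS = ["192.168.1.1", "*", "10.20.0.1", "198.51.100.9", "198.51.100.1"]


def valid_ip(text: Optional[str]) -> Optional[str]:
    """Return the address if text is well-formed IPv4, else None."""
    try:
        return str(ipaddress.IPv4Address((text or "").strip()))
    except ValueError:
        return None


def parse_getinfo_address(reply: str) -> Optional[str]:
    """Pull the address out of a control-port "getinfo address" reply."""
    m = re.search(r"^250[-+ ]address=(\S+)", reply, re.MULTILINE)
    return valid_ip(m.group(1)) if m else None


def first_public_hop(hops: Iterable[str]) -> Optional[str]:
    """First hop outside NON_PUBLIC; '*' (no reply) and junk are skipped."""
    for hop in hops:
        ip = valid_ip(hop)
        if ip and not any(ipaddress.IPv4Address(ip) in n for n in NON_PUBLIC):
            return ip
    return None


def detect_probe_ip(control_reply: str, hops: Iterable[str],
                    lookup_answer: Optional[str]) -> Tuple[Optional[str], str]:
    """Try the three strategies in the order listed in comment 5."""
    for method, ip in (("tor-control", parse_getinfo_address(control_reply)),
                       ("traceroute", first_public_hop(hops)),
                       ("geoip-lookup", valid_ip(lookup_answer))):
        if ip:
            return ip, method
    return None, "none"
```

The traceroute step only filters by address range, so it cannot tell a genuine first public hop from the rewritten addresses comment 6 describes; the returned method name lets a caller decide how much weight to give the answer.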

comment:7 Changed 6 years ago by hellais

Resolution: fixed
Status: new → closed

This is done.
