Currently we detect the client IP by doing an HTTPS request to https://check.torproject.org/ and parsing the content of this page.
This can be a problem since it allows an attacker to fingerprint OONIProbe based on the fact that it does this lookup when a test is run. What other strategies can we use to avoid this?
Building a Tor circuit will tell us our own IP - this means that we can connect to a Tor bridge and ask it what it sees as our IP. Combined with looking at the IP on our own interface, we can see if it matches.
Arturo: I recall telling you in Amsterdam that 'getinfo address' wouldn't work on non-relays. I just looked into it more, and it should. But it won't work until the Tor client has done some directory fetch.
I opened #8214 (moved) for what I think is what you should want.
We discussed with @ioerror implementing a series of strategies for detecting the probe's IP address.
In sequence we will attempt to detect the probe IP address via:
1. If Tor is running and we have access to the control port, via "getinfo address"
2. Performing a UDP traceroute and considering the first hop in public IP space as the IP address of the probe
3. Using a geoip lookup service (for example what is detailed in #8191 (closed))
@ioerror:
What should be the destination IP and port of the UDP traceroute?
That sounds mostly accurate - that is - there are some IP address lookup systems - we should enumerate a few of the most popular, write a small bit of code to get our IP from each one and then use some of those for the third step.
As far as the UDP traceroute - I think we can literally just randomly generate a few IP addresses and trace to them. It only needs to get past the first four hops for the returned data to be useful. The first three usually include RFC 1918 addresses or (as was the case in Burma) sometimes bogus IP addresses that aren't actually properly routed. In Burma, they just used a public IP of uunet (!) for their IP - since it all goes through a filter, the filter just rewrote the entire thing and no one seems to care at all.
We could also perform a UDP traceroute to any of the geoip lookup services once we enumerate the names and IP addresses.
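The strategy chain sketched in the thread (control-port `getinfo address`, then the first public hop of a traceroute, then agreement between several lookup services), written out as an added Python example; this is not ooni-probe code and not the implementation the participants ended up with. It assumes the `stem` library for the control port (skipped if not installed or if Tor has not finished its directory fetch yet), and the traceroute output is a constructed sample, not a real capture. The hop parser applies ioerror's remarks above: hops in RFC 1918, CGNAT and other non-global space are skipped, and a trace that did not get past the first four hops is treated as unusable.

```python
import ipaddress
import re
from collections import Counter
from typing import Callable, List, Optional, Sequence, Tuple

# Constructed sample of `traceroute -n`-style output (not captured from a real
# host): hops 1-3 are RFC 1918 / CGNAT space, hop 4 timed out, hop 5 is public.
SAMPLE_TRACEROUTE = """\
 1  192.168.1.1  1.234 ms
 2  10.20.30.1  5.678 ms
 3  100.64.0.1  8.012 ms
 4  * * *
 5  8.8.8.8  12.345 ms
"""

_HOP_LINE = re.compile(r"^\s*(\d+)\s+(\S+)")


def parse_hops(traceroute_text: str) -> List[Tuple[int, Optional[str]]]:
    """Return (hop_number, address_or_None) pairs from numeric traceroute output.

    A hop whose address field is '*' (no reply) or a hostname is kept as None
    so the hop numbering survives for the minimum-hop check below.
    """
    hops = []
    for line in traceroute_text.splitlines():
        m = _HOP_LINE.match(line)
        if not m:
            continue
        number, field = int(m.group(1)), m.group(2)
        try:
            addr = str(ipaddress.ip_address(field))
        except ValueError:
            addr = None
        hops.append((number, addr))
    return hops


def first_public_hop(hops: Sequence[Tuple[int, Optional[str]]],
                     min_hops: int = 4) -> Optional[str]:
    """Strategy 2: the first hop in public IP space.

    Returns None when the trace did not get past `min_hops` hops (the thread's
    rule of thumb) or when no globally routable hop was seen. RFC 1918,
    loopback, link-local, CGNAT (100.64.0.0/10) and documentation ranges all
    fail `is_global`, so they are never reported as the probe address. A
    bogus-but-public early hop (the Burma case) cannot be told apart here.
    """
    if not hops or max(n for n, _ in hops) <= min_hops:
        return None
    for _, addr in sorted(hops, key=lambda h: h[0]):
        if addr is not None and ipaddress.ip_address(addr).is_global:
            return addr
    return None


def tor_control_address(control_port: int = 9051) -> Optional[str]:
    """Strategy 1: ask the local Tor over the control port ('getinfo address').

    Any failure (stem missing, port closed, auth failure, or Tor not yet
    knowing its address because no directory fetch has happened) yields None
    so the caller falls through to the next strategy.
    """
    try:
        from stem.control import Controller
    except ImportError:
        return None
    try:
        with Controller.from_port(port=control_port) as controller:
            controller.authenticate()
            return controller.get_info("address")
    except Exception:  # socket, authentication and 'address unknown' errors
        return None


def lookup_consensus(answers: Sequence[Optional[str]]) -> Optional[str]:
    """Strategy 3: answers from several lookup services; most frequent wins.

    `answers` holds whatever each service returned (None for failures); the
    network fetches themselves are left to the caller.
    """
    counts = Counter(a for a in answers if a)
    return counts.most_common(1)[0][0] if counts else None


def detect_probe_ip(strategies: Sequence[Callable[[], Optional[str]]]) -> Optional[str]:
    """Try the strategies in the order the thread lists them; first answer wins."""
    for strategy in strategies:
        result = strategy()
        if result:
            return result
    return None


if __name__ == "__main__":
    hops = parse_hops(SAMPLE_TRACEROUTE)
    print(detect_probe_ip([
        tor_control_address,
        lambda: first_public_hop(hops),
        lambda: lookup_consensus([]),  # no services queried in this offline run
    ]))
```

Run stand-alone it prints `8.8.8.8` from the constructed trace unless a local Tor control port answers first. The `min_hops` guard is the one piece of policy worth revisiting: a trace that stops early says nothing about where the probe sits, so returning None and moving on is safer than reporting whatever the last visible hop was.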