#19997: BridgeDB's get-tor-exits script doesn't account for IPv6
--------------------------------------+--------------------------------
     Reporter:  isis                  |          Owner:  isis
         Type:  defect                |         Status:  new
     Priority:  Medium                |      Milestone:
    Component:  Obfuscation/BridgeDB  |        Version:
     Severity:  Major                 |       Keywords:  bridge-enumeration
Actual Points:                        |      Parent ID:
       Points:                        |       Reviewer:
      Sponsor:                        |
--------------------------------------+--------------------------------
 As Arlo pointed out
 [https://lists.torproject.org/pipermail/tor-dev/2016-August/011318.html on
 the tor-dev mailing list], the `exit-addresses` script running on
 check.torproject.org doesn't include IPv6 exit addresses, making anything
 that relies upon the list unreliable.

 BridgeDB's `scripts/get-tor-exits` downloads the output of
 `exit-addresses`, and uses it to treat clients using Tor to request bridges
 as coming from the same address. Not taking IPv6 addresses into account
 will allow an adversary to use IPv6-capable tor exits to get additional
 bridges during a time period.

 Some new script should be written to generate a list of IPv6 (optionally
 also IPv4 addresses, so that everything is in one document) exit addresses
 to fix this issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19997>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
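
The bucketing gap described in the ticket, as an added example that is not BridgeDB's code or part of the original ticket: clients whose address is on the exit list are counted as one requester, so an exit list without IPv6 entries leaves each IPv6 exit counted separately. The one-address-per-line list format, the function names, the `TOR_BUCKET` key and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

TOR_BUCKET = "tor-exits"  # hypothetical shared key for every Tor-exit client

# Constructed sample lists (documentation address ranges), one address per line.
V4_ONLY = "192.0.2.10\n198.51.100.7\n"
COMBINED = V4_ONLY + "2001:db8::1\n[2001:DB8:0:0:0:0:0:2]\nnot-an-address\n"
# Constructed client addresses; the first five belong to the sample exits.
CLIENTS = ["192.0.2.10", "198.51.100.7", "2001:db8::1", "2001:db8::2",
           "::ffff:192.0.2.10", "203.0.113.5"]


def normalize(addr):
    """Return a canonical address object so textual variants compare equal."""
    ip = ipaddress.ip_address(addr.strip().strip("[]"))
    # ::ffff:a.b.c.d is the same host as a.b.c.d; fold it to IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def parse_exit_list(text):
    """Parse an exit list holding IPv4 and/or IPv6 addresses."""
    exits = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            exits.add(normalize(token))
        except ValueError:
            continue  # skip a malformed line instead of discarding the list
    return exits


def client_bucket(client_addr, exits):
    """All known exits share one bucket; other clients keep their own address."""
    ip = normalize(client_addr)
    return TOR_BUCKET if ip in exits else str(ip)


def distinct_buckets(clients, exits):
    return {client_bucket(c, exits) for c in clients}


if __name__ == "__main__":
    print("IPv4-only list:", sorted(distinct_buckets(CLIENTS, parse_exit_list(V4_ONLY))))
    print("combined list: ", sorted(distinct_buckets(CLIENTS, parse_exit_list(COMBINED))))
```

With the IPv4-only list the two IPv6 exit addresses each land in their own bucket; with the combined list every exit client collapses into the single shared bucket.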