From: teor <teor2345@gmail.com>
Date: Sat, 20 Aug 2016 14:42:44 +1000
Message-Id: <68C9EB93-50FE-4DA2-9354-A46EA63C952B@gmail.com>
To: tor-talk@lists.torproject.org
Subject: [tor-talk]  tor 0.2.8.5-rc connecting to 18.0.0.1

arma wrote:

> On Fri, Aug 19, 2016 at 04:05:07AM +0100, landers at tutanota.com wrote:
> > I'd like to ask why is tor-win32-0.2.8.5-rc.zip and torbrowser-install-6.5a2_en-US.exe connecting to 18.0.0.1 ?
> > [...]
> > is tor 0.2.8.5-rc binding a socket to 18.0.0.1 ? or is it something else?  if so why is this not on the changelog?
> > this was a bug 4 or 5 years ago for mac users, had a ticket and it's been solved.
> > https://trac.torproject.org/projects/tor/ticket/1827
>
> Neat! It looks like that behavior is back.
>
> > the simple notion that tor connects to an ip with 18.0.0.1 seems unsettling especially when an old ticket solved the issue
> > although it was for mac users, i have never encountered this behavior before when using previous versions of TBB or tor packages in windows.
> > the other recent version "torbrowser-install-6.0.3_en-US.exe" (e8ca44a4d73bc0183973e3e7abbbaf546c2a1d2cae3df58b76e929332e02a277) simply
> > connects to 127.0.0.1 no other behavior is shown.
>
> Sounds like a regression. A search in the code for "18.0.0.1" led me to
> get_interface_address6_via_udp_socket_hack(). Looking at the recent
> commits that mention that function we have:
>
> https://trac.torproject.org/projects/tor/ticket/17950
>
> and
>
> https://trac.torproject.org/projects/tor/ticket/17951
>
> The ChangeLog entries are:
>
>   o Minor features (relay, address discovery):
>     - Add a family argument to get_interface_addresses_raw() and
>       subfunctions to make network interface address interogation more
>       efficient. Now Tor can specifically ask for IPv4, IPv6 or both
>       types of interfaces from the operating system. Resolves
>       ticket 17950.
>     - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
>       fails to enumerate interface addresses using the platform-specific
>       API, have it rely on the UDP socket fallback technique to try and
>       find out what IP addresses (both IPv4 and IPv6) our machine has.
>       Resolves ticket 17951.
>
> That second one looks very related.

You're seeing this firewall warning due to a bugfix we released in Tor 0.2.8.

Tor clients protect your anonymity across different networks by changing some details when your IP address changes. When the platform-specific functions for finding your local IP address fail, we now do an extra check to see if we can find your IP address.

I've just commented on https://trac.torproject.org/projects/tor/ticket/19945 , here's an excerpt:

Tor clients generate a new SSL certificate each time their IP address changes - this makes sure they can't be tracked across different networks. (See client_check_address_changed for details.)

Tor uses two methods to find the address, GetAdaptersAddresses and the "UDP socket hack": asking the machine the local address of a UDP socket. For the hack to work, the socket has to be associated with a public IP address. Tor never sends data on the socket, it's entirely safe to block it with your firewall. Tor's just using it to check if your local address has changed.

...

In this case, it's likely that GetAdaptersAddresses failed to return any addresses, and the UDP socket hack is being used to find the client IP address. To confirm this, please check the info-level logs for messages like:

Unable to load iphlpapi.dll
Unable to obtain pointer to GetAdaptersAddresses
GetAdaptersAddresses failed (result:

It would be great if a Windows dev could update the code in get_interface_addresses_win32 to correctly find the IP address on newer systems. (We really, really need help from developers who can program on Windows!)

But this fix is not urgent. As far as I can tell, Tor is functioning as designed to make sure that users can't be linked when they change IP addresses. (Even though GetAdaptersAddresses isn't working.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
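
Added example, not part of the original message and not Tor's source code: the "UDP socket hack" described above, written with POSIX sockets (the thread concerns Windows; connect() and getsockname() also exist in Winsock). It shows why a firewall sees a UDP socket associated with 18.0.0.1 even though no datagram is sent. The function name local_addr_for_dest and the port number 9 are assumptions made for this example.

```c
/* Added example: the "UDP socket hack" in POSIX C (not Tor's source). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the kernel which local IPv4 address it would use to reach dest_ip.
 * connect() on a SOCK_DGRAM socket only records the peer and selects a
 * route and source address; no packet is sent because send() is never
 * called. Returns 0 and fills out on success, -1 on any failure. */
int local_addr_for_dest(const char *dest_ip, char *out, socklen_t outlen)
{
    struct sockaddr_in dst, local;
    socklen_t len = sizeof(local);
    int rc = -1;

    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(9); /* arbitrary port, chosen for this example */
    if (inet_pton(AF_INET, dest_ip, &dst.sin_addr) != 1)
        return -1; /* not a valid IPv4 literal */

    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0)
        return -1;
    /* connect() fails (e.g. ENETUNREACH) when there is no route. */
    if (connect(fd, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
        getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, out, outlen) != NULL)
        rc = 0;
    close(fd);
    return rc;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];
    /* 18.0.0.1 is the public address named in the thread. */
    if (local_addr_for_dest("18.0.0.1", addr, sizeof(addr)) == 0)
        printf("local address toward 18.0.0.1: %s\n", addr);
    else
        printf("no route to 18.0.0.1 (or socket blocked)\n");
    return 0;
}
```

Running this under a packet capture shows no traffic to 18.0.0.1; only the socket's association with that address is visible to a host firewall.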








