Tuesday, August 29, 2006

Tor Detection and NXDOMAIN

Interesting problem with our Real-Time Tor Detection service we have discovered while testing our Cloak On! privacy service: some Tor exit nodes are not listed in the Tor cached-routers file, resulting in our service not correctly identifying the IP Address as a Tor node. We suspect it is related to the IP Address being listed in the Domain Name System as status NXDOMAIN, but have not yet confirmed this. It may even be an anomaly in the Tor system itself, but we will gather more evidence before we contact the Tor developers with our findings.

Our Cloak On! privacy service has an option to use the Tor network for HTTP, HTTPS, and FTP access to any internet servers. We found ourselves yesterday coming from IP Address 149.9.0.27, which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27, as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.
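An added illustration (not the service's own code) of a lookup against router descriptors in the format the cached-routers file uses, showing how an address that is absent from the file comes back as "not-listed" even when traffic is seen leaving from it. The sample descriptors are constructed, and the function names and the simplified exit-policy handling are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in Tor's router-descriptor format; nicknames and
# addresses are made up (documentation ranges), not real relays.
SAMPLE_CACHED_ROUTERS = """\
router relayone 192.0.2.10 9001 0 9030
platform Tor 0.1.1.23 on Linux i686
accept *:80
accept *:443
reject *:*
router relaytwo 198.51.100.7 443 0 0
reject *:*
router broken not-an-ip 9001 0 0
accept *:*
"""

def parse_routers(text):
    """Map each advertised address to its nickname and ordered exit policy."""
    routers, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "router":  # router <nickname> <address> <ORPort> <SOCKSPort> <DirPort>
            current = None
            if len(parts) != 6:
                continue
            try:
                addr = ipaddress.ip_address(parts[2])
            except ValueError:
                continue  # malformed entry: skip it and its policy lines
            current = routers[addr] = {"nickname": parts[1], "policy": []}
        elif parts[0] in ("accept", "reject") and current and len(parts) == 2:
            current["policy"].append((parts[0], parts[1]))
    return routers

def allows_exit(policy, port):
    """First matching rule wins; only '*:<port>' and '*:*' patterns are handled."""
    for action, pattern in policy:
        host, _, rule_port = pattern.rpartition(":")
        if host == "*" and rule_port in ("*", str(port)):
            return action == "accept"
    return True  # sketch assumption: no matching rule errs toward flagging

def classify(ip, routers, port=80):
    """Return 'exit', 'relay-no-exit', or 'not-listed' for an observed address."""
    entry = routers.get(ipaddress.ip_address(ip))
    if entry is None:
        return "not-listed"
    return "exit" if allows_exit(entry["policy"], port) else "relay-no-exit"
```

A "not-listed" result only says the address is not advertised in the file, which is the gap this post describes for 149.9.0.27.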

Update! Just found a discussion thread about this issue on http://archives.seul.org/or/talk/Aug-2006/threads.html which seems to indicate this is something the Tor developers are aware of and working to resolve. It appears that both 149.9.xxx.xxx and 154.35.xxx.xxx are part of this anomaly. Good news. Will follow up when we have more details...

Update Oct 7: Still no further developments on this issue. We believe there is a flaw in the Tor system that allows this, but do not yet understand enough to develop a way to counter it, and do not yet understand the comments about this issue posted by the Tor developers - which seem to indicate they do not consider this a significant issue!

Sunday, August 06, 2006

Tor Detection added to showmyip.com

Change of plans: we have now added Real-Time Tor Detection to showmyip.com in order to gain more exposure, and since we now have greater confidence in its accuracy and speed. Until now we were going to finish the upgrade of our SOAP and simple interfaces on ippages.com before moving to showmyip.com, but we are excited about this new capability and want to get the word out. Can you really blame us?!

And yes, now we will go back and get the SOAP interface on ippages.com for our IP Address Lookup subscribers upgraded. Thank you for your patience, Mr. Sweden, who has been politely reminding me that this needs to be done asap.

Saturday, August 05, 2006

Tor Detection failures resolved

We have now tracked down and resolved the issue of Tor Detection not working in some instances. Tor Detection should now be working all the time. The issue was isolated to lookups on our HTML interface, and was failing when multiple lookups to the same IP Address or Domain name were done. The first lookup worked fine - subsequent lookups could not be counted on to be accurate.

Our XML lookup interface was not subject to this issue.

We also identified and fixed a few minor issues along the way, and were pleasantly surprised to find a way to speed up the Real-Time Tor Detection algorithm by 5 times - what previously required 4-5 seconds on average now takes about 1 second to accomplish the same thing.

Wednesday, August 02, 2006

Zone Transfers

We have now added Zone Transfer data to our ippages.com lookup service, but only to our HTML interface at this point. "Zones" are also known as "Subdomains", and typically represent the prefix names that are defined in front of a host name; for example, the "xml" in xml.ippages.com would be a "zone" if it pointed to its own IP Address. In DNS terms, this is an "A" record.

What we recently discovered is that some host names have zone transfer data available to anyone who asks for it, so in these cases we are now showing it as part of the IP Address Lookup data. Try http://www.ippages.com/?domain=emachines.com to see an example (although if emachines.com becomes aware of this they will likely re-configure their name servers, and you will no longer be able to see their zone data).
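For operators who want to check their own servers for the exposure described above, here is an added sketch (not part of ippages.com) that audits a BIND-style named.conf for zones whose transfers are open to anyone. BIND is an assumption, since the post names no server software; the sample configuration is constructed, and treating a missing allow-transfer as open follows the default of older BIND 9 releases, which should be checked against the version in use.

```python
import re

# Constructed named.conf fragment; zone names and addresses are made up.
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; };
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { any; };
};
zone "example.net" {
    type master;
    file "example.net.zone";
    allow-transfer { 192.0.2.53; };
};
zone "example.org" {
    type master;
    file "example.org.zone";
};
'''

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """ACL elements of an allow-transfer statement in body, or None if absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Map each zone name to 'open' or 'restricted' (comments and views not handled)."""
    opts = re.search(r"\boptions\s*\{", conf)
    default = transfer_acl(block_body(conf, opts.end() - 1)) if opts else None
    result = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_body(conf, z.end() - 1))
        acl = default if acl is None else acl
        # Assumption: no ACL anywhere means transfers are allowed to all hosts.
        result[z.group(1)] = "open" if acl is None or "any" in acl else "restricted"
    return result
```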

showmyip.com will get this capability sometime later this month, and eventually our other IP Address lookup interfaces will as well.

Tor Detection failures

We have found that in some cases our Tor Detection service is not identifying Tor network nodes when it should be. Resolution of this anomaly has become our top priority for the short term. As best we can tell from our internal testing, network nodes are correctly identified most of the time, but we do not yet know what "most" precisely means, nor do we know what is causing the failure to detect.

This only affects users of ippages.com and only the XML and HTML interfaces. Our SOAP interface update has not yet been released, and showmyip.com has not yet been upgraded to do Tor Detection.