author | Nick Mathewson <nickm@torproject.org> | 2011-01-25 20:39:44 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-01-25 20:39:44 -0500 |
commit | 411ec3c0f8cd4786233a3bc274cb2b766d4bfe7c (patch) | |
tree | f48f77c8f33b73f9d386c87026c87b0d1a2055d1 /changes/bug2279 | |
parent | 85da676108f0de765301f961bc58aebd139a5564 (diff) | |
Add client code to detect attempts to connect to 127.0.0.1 etc

We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.

Diffstat (limited to 'changes/bug2279')
-rw-r--r-- | changes/bug2279 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug2279 b/changes/bug2279 index b796cda761..e0c23b3604 100644 --- a/changes/bug2279 +++ b/changes/bug2279 @@ -3,3 +3,11 @@ transparent proxy connection. Fixes bug 2279. Bugfix on Tor 0.1.2.1 alpha. + o Minor features + - Detect attempts at the client side to open connections to private + IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly + chosen exit node. Attempts to do so are always ill-defined, generally + prevented by exit policies, and usually in error. This will also + help to detect loops in transparent proxy configurations. + + |
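
Review bot: The new "Minor features" entry says only that the client will "Detect" connections to private IP addresses and never states what happens once one is detected, while the commit message says these attempts are detected and rejected. Since a user whose requests to 127.0.0.1 or 10.0.0.1 start failing will look here for the reason, the entry should say so, for example "Detect and reject attempts at the client side to open connections to private IP addresses ...". The two empty added lines at the end of the hunk also leave trailing blank lines in changes/bug2279 and can be dropped.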