Public IP Addresses Now Exposed by Misconfigured Tor Sites

Posted on September 11, 2018 at 9:54 AM


Tor prides itself as a browser that keeps users’ IP addresses secret and private. However, security research has revealed that identifying the IP addresses of users is now pretty easy. Researchers say all it takes is for servers on the Dark Web to be configured wrongly.

A security researcher, Yonathan Klijnsma, who works with RiskIQ, has alerted Tor users to the possibility that their IP addresses can be discovered. The researcher noted that this is because servers belonging to the Dark Web have been misconfigured.

Until now, the common narrative has been that Klijnsma is only trying to de-market Tor and other related services. However, this perception is hardly true. The researcher is merely calling the attention of Tor users to their vulnerability when using Tor. Perhaps the developers should see the alarm as a wake-up call too.

In Klijnsma’s account, it is Tor sites that have been misconfigured and that operate with an SSL certificate that are responsible for the IP exposure. According to his findings, a lot of such sites exist.

How a Normal Tor Server Works

Normally, if servers are configured correctly, a Tor server is not supposed to listen on any IP address except its local host. This local host is 127.0.0.1. But in the case of misconfigured servers, it was discovered that apart from listening on its local host, the Nginx or Apache server also listens on other IP addresses. These can include 0.0.0.0 or *.

Proceeding in his explanation, Klijnsma says that things like this happen when a firewall is not used correctly. Nevertheless, the researcher says that such misconfigured servers are not difficult to identify.

Klijnsma was able to identify these erroneous servers by studying the internet and associating SSL certificates with their respective IP addresses. With this approach, he could determine which Tor services have been misconfigured and the associated IP addresses. In his own words, he told Bleeping Computer that “(It) means Tor connections will work obviously, but also external connections will as well.”
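
An added example, not taken from the article or from Klijnsma's research: a short Python audit that an operator could run over their own Nginx configuration to flag listen directives that accept connections on anything other than the local host, which is the misconfiguration described above. The sample configuration and the .onion name in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the article): one vhost bound to
# loopback only, one reachable on every interface.
SAMPLE_NGINX_CONF = """
server {
    listen 127.0.0.1:8080;          # onion service backend, loopback only
    server_name exampleonionaddr.onion;
}
server {
    listen 443 ssl;                 # port only: nginx binds all addresses
    listen [::]:443 ssl;
    server_name exampleonionaddr.onion;
}
"""

LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)", re.MULTILINE)


def bind_host(target):
    """Return the host part of an nginx listen target, or None for unix sockets."""
    if target.startswith("unix:"):
        return None
    if target.startswith("["):                # [ipv6]:port or [ipv6]
        return target[1:target.index("]")]
    if target.isdigit():                      # bare port means every address
        return "*"
    return target.rsplit(":", 1)[0] if ":" in target else target


def is_loopback_only(target):
    host = bind_host(target)
    if host is None or host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                          # "*" or unknown hostname: treat as exposed


def exposed_listens(conf_text):
    """List every listen target that accepts non-loopback connections."""
    return [t for t in LISTEN_RE.findall(conf_text) if not is_loopback_only(t)]


if __name__ == "__main__":
    for target in exposed_listens(SAMPLE_NGINX_CONF):
        print("exposed listen:", target)
```

Any target it reports should be rebound to 127.0.0.1 (or a unix socket) so that only the local Tor process can reach the web server.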

Tor Sites Have Been Leaking Addresses for Long

Klijnsma says that each time an SSL certificate is added to a website running on an anonymous server, .onion is usually added to the common name of the certificate. And so, in the case of a misconfigured server, that same SSL certificate is also used for connections that reach the server from outside Tor.

From various indications, Tor may have been exposing the IP addresses of its users for a long time. Before now, another report on Tor’s vulnerability revealed that many IP addresses of its browser users are not anonymous after all.

This vulnerability is explained thus: once a file:// link is clicked by a user, the user is normally redirected to another webpage where they would be urged to create another link. This link allows Tor’s security architecture to be set aside.

Publisher: Koddos
