Tor and IIS

Discussion in 'privacy technology' started by ssx, Aug 13, 2012.

Thread Status:
Not open for further replies.
  1. ssx

    ssx Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    3
    Hi all,

    This is my first post, so hello. I was hoping someone could shed some light on what's happening in the following scenario.

    I've been experimenting with the Tor Browser and IIS and have come across some unexpected results. I created a very basic ASP.NET page which dumps the server-side variables to the client on each request. I then published the site to AppHarbor and proceeded to access it via both an unguarded Chrome browser and via the Tor Browser. The results were extremely surprising (only interesting values shown):

    Chrome:
    REMOTE_ADDR=10.12.115.157

    REMOTE_HOST=10.12.115.157

    HTTP_X_FORWARDED_FOR=3.102.219.70

    Tor Browser:

    HTTP_X_FORWARDED_FOR=77.247.181.165

    REMOTE_ADDR=10.12.115.157

    REMOTE_HOST=10.12.115.157

    So you can see, the REMOTE_ADDR and REMOTE_HOST via both Chrome and the Tor Browser are the same and both reveal my real IP address, concerning! When I visit well-known IP address sites that reveal your IP, the IP address shown is the value of the HTTP_X_FORWARDED_FOR header.....but my simple ASP.NET app that took about 2 minutes to write is correctly displaying the REAL IP of my connection.

    Does anyone have any idea what's going on here? I would really appreciate your thoughts.

    Edit: if anyone wants to try for themselves, a test site can be found at: http://iptestweb.apphb.com/

    Many thanks
    ssx
     
    Last edited: Aug 13, 2012
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Interesting indeed in regards to Tor. So you are saying the forwarding address appearing in the header is actually your IP address? After making even 1 hop I would have thought your address would have been removed from the header, and if any address appeared in the header at all it would have been the address of the exit node from the Tor network. Even if it only made 1 hop it should have removed your IP address from the header if my understanding is correct of how the Tor network operates. If what you say is indeed true then Tor would not offer any anonymity at all. Are you seeing this info on the ASP.NET site you created from the dumped info or are you seeing this info locally on the machine you are using to visit the site? If this is true you should report this to Tor. I would love to hear their feedback on this. If it's that easy to get someone's IP address when using Tor then I can't think of any good reason to even use it. It doesn't encrypt your connection so it's easy to sniff your info from the exit node as it is.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Is this the page you created?
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I just tried Tor, and my paid VPN service with the link you referenced above. It did not leak my actual IP address using either. Your problem appears to be local with your machine or configuration. The forwarded address appearing in the header was from the Tor exit node. Did you test your Tor Browser at https://check.torproject.org to see if it is actually routing your request through the Tor network?
     
  5. ssx

    ssx Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    3
    Hi,

    Yep, that's the website I created. The forward for header shows the IP address that is shown by https://check.torproject.org/, which confirms I'm using the Tor network.

    The site I created displays my REAL IP address however in the remote_addr and remote_host headers. So, even though I'm using the Tor Browser and the check page says I'm using the Tor network, my IP is being leaked.

    Very strange!
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    The IP address (10.12.115.157) that you get for REMOTE_ADDR and REMOTE_HOST is not a public Internet address, because it's in the 10.*.*.* range that's reserved for private networks. I suspect that it's somehow part of your test site.

    When I access your test site via VPN, I get an address in 10.*.*.* that I don't recognize for REMOTE_ADDR and REMOTE_HOST. For HTTP_X_FORWARDED_FOR, I get my VPN's exit IP address.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    ssx, I don't know how this is possible that it is revealing your assigned IP address from your ISP. Are you using default settings with the Tor Browser Bundle? Are you using any additional plugins that did not come with the Tor Browser? Maybe a plugin could compromise your anonymity. What OS are you using? I'm dumfounded on this one. You may have to contact Tor. If you use another VPN service then try it, and see if it reveals your IP as well. Btw.. I like the site you created. Do you plan on keeping it up?
     
  8. ssx

    ssx Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    3
    Mystery solved!

    I should have picked up on this, let's blame a long day! :rolleyes:

    My host is obviously using a load balancer or proxy and so the address that I'm seeing against the two remote headers is that of the load balancer. The actual IP of the connection is being shown in the forward for header.

    When connecting via Tor, I do see the IP of the exit node in the forward for header.

    When connecting without Tor, I see my public IP in the forward for header.

    This is as expected. I think my misinterpretation of the headers was caused by the fact that I falsely assumed that the IP I was seeing recorded against the remote headers was my real IP. Apologies, I should have checked my real IP before making a post.

    See the following two posts for more info on this, hopefully my mistake will help enlighten others:

    http://support.appharbor.com/discussions/problems/681-requestuserhostaddress

    https://github.com/trilobyte/Premotion-AspNet-AppHarbor-Integration/issues/6

    Thanks for the help.
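
Added example (not part of the original thread, and not AppHarbor's or the linked project's code): a sketch of how a server behind a load balancer can derive the client address from REMOTE_ADDR and X-Forwarded-For without trusting entries the client may have forged. The function name `client_ip` and the trusted range 10.0.0.0/8 are assumptions, the latter inferred from the 10.x REMOTE_ADDR values posted above.

```python
import ipaddress

# Assumption: the host's load balancers live in 10.0.0.0/8, as the
# REMOTE_ADDR values posted in this thread suggest.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(remote_addr, x_forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Return the nearest hop that is not one of our own proxies."""
    peer = ipaddress.ip_address(remote_addr.strip())
    # A peer that is not our proxy can put anything in the header,
    # so the header is ignored and the TCP peer address is used.
    if not _is_trusted(peer, trusted) or not x_forwarded_for:
        return str(peer)
    # Each proxy appends the address it received the request from, so the
    # rightmost entries were written by our infrastructure. Walk right to
    # left and stop at the first address that is not a trusted proxy.
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing further left can be verified
        if not _is_trusted(addr, trusted):
            return str(addr)
        peer = addr
    return str(peer)


if __name__ == "__main__":
    # Values from the first post: load balancer in REMOTE_ADDR,
    # Tor exit node in X-Forwarded-For.
    print(client_ip("10.12.115.157", "77.247.181.165"))
    # Constructed case: the client sent its own forged header entry
    # (192.0.2.1), and the load balancer appended the real peer after it.
    print(client_ip("10.12.115.157", "192.0.2.1, 77.247.181.165"))
```

Taking the leftmost X-Forwarded-For entry instead would log whatever value the client chose to send, which matters when the address is used for rate limiting, audit logs or access rules.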
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Are you using load balancing locally? My Netgear Prosecure has load balancing, but I don't use it. I still would not want it to be showing that info from a remote source.
     