Zack Weinberg transcribed 1.3K bytes:
On Fri, Aug 12, 2016 at 11:27 AM, starlight.2016q3@binnacle.cx wrote:
RFC-5961 CVE-2016-5696 http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_commu... FYI all
Tor's use of TLS _should_ mean that the worst an attacker can do here is denial-of-service. The Register article suggests that they might also be able to force the use of specific exit relays (by disrupting connections that don't go through those relays) but weaponizing that against specific users (rather than everyone trying to use an exit the attacker doesn't like) strikes me as nontrivial.
The attack itself is quite brilliant. However, having read the paper [0] and discussed with other members of the network team, we're under the impression that the authors have a misunderstanding on how Tor's path selection algorithm functions.
Their idea is essentially: "when an connection between a middle relay and an exit relay fails, the *middle relay* chooses a new exit." The way this path selection actually works, when a connection fails, is that the client forgets the path of that circuit entirely, and goes back to step #1 of the algorithm, effectively choosing an entirely new path without any memory of the path chosen before. Since the selection of the nodes in this new path (and in fact, any path) is dependent on their bandwidth weight from the consensus, the client has just as much probability to select the same exit as they did the last time. Ergo, to use this attack to "funnel" Tor users into using a particular exit is of equal (or higher) difficulty (in terms of bandwidth of the nodes you would need to run) to conducting a Sybil attack on the whole network.
tl;dr: Running a Sybil attack would be more effective.
Also, if you read the paper, raising the global rate limit (as suggested by the reg. article) doesn't help; it only slows the attacker down a little.
The accepted patch [1] solves the issue, and does so by randomising the time window that the global variable applies to.
[0]: http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf [1]: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c55...
Best regards,