Hi all,

Just got the below notice from researchers. Is the stated vulnerability an actively exploited problem or is this a DoS attack by scaremongering?

This topic seems to have been covered in https://nusenu.medium.com/how-vulnerable-is-the-tor-network-to-bgp-hijacking... but I am not sure how to apply it to my situation.

I have turned off the Guard capability for now. Doubtful I can influence the service provider to get them to publish a new ROA. Is there another mitigation?

Regrets to all who were using the service :(

-------- Forwarded Message --------
Subject: Potential vulnerability found in your Tor Relay
Date: Thu, 18 Dec 2025 23:57:20 +0000
From: ENGR - SIDR

Hello,

We are writing to alert you that your Tor relay(s) (Pasquino3) is/are vulnerable to active BGP attacks that could be used to de-anonymize users. The best mitigation to help protect your relay is to have your service provider publish a ROA for prefix(es) 209.44.96.0/19 at AS(es) 10929 with a maxLength(s) of 19.

We are researchers from the University of Connecticut reaching out to inform you that your Tor guard relay with IP address(es) 209.44.114.178 (Pasquino3) is/are currently covered by a Route Origin Authorization (ROA) which has an improperly configured maxLength attribute. This makes it vulnerable to BGP subprefix origin hijacks, where a malicious autonomous-system-level attacker may announce a subprefix of 209.44.96.0/19 and misdirect traffic destined with a high (>99%) rate of success. Guidance on how to correctly set the maxLength attribute is contained in https://datatracker.ietf.org/doc/html/rfc9319.

We determined this vulnerability using public data sets including relay information from the Tor consensus, the RIPEStat data for IP prefix, and ROA coverage information.

Feel free to contact us if you have further questions. For further information on ROAs, see https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/bgp-origin...

If you are not a Tor relay operator and this message reached you in error, please let us know.

Thank you,
UConn Secure Interdomain Routing Group
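The maxLength check the forwarded notice describes can be reproduced with RFC 6811 route origin validation. The following is an added example, not part of the original message or the researchers' tooling. The prefix, AS number and relay address come from the notice; the loose maxLength of 24 is a constructed value (the notice does not state the current one), and the function names are hypothetical.

```python
import ipaddress

def rov_state(prefix, origin_asn, roas):
    """RFC 6811 origin validation of one announcement against a ROA list.
    roas: iterable of (roa_prefix, max_length, asn)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue                      # this ROA does not cover the route
        covered = True
        if asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered by some ROA but matched by none: ROV-enforcing networks drop it.
    return "invalid" if covered else "not-found"

def exposed_lengths(relay_ip, announced_prefix, origin_asn, roas, longest=24):
    """Lengths of more-specifics containing relay_ip that would still validate
    if announced with the legitimate origin AS in the path. An empty list
    means the ROA authorizes only what is actually announced (RFC 9319).
    longest=24: the longest IPv4 prefix generally accepted between networks."""
    announced = ipaddress.ip_network(announced_prefix)
    exposed = []
    for length in range(announced.prefixlen + 1, longest + 1):
        sub = ipaddress.ip_network(f"{relay_ip}/{length}", strict=False)
        if rov_state(str(sub), origin_asn, roas) == "valid":
            exposed.append(length)
    return exposed

# Values from the notice; the maxLength of 24 is constructed for illustration.
RELAY_IP, PREFIX, ASN = "209.44.114.178", "209.44.96.0/19", 10929
LOOSE_ROA = [(PREFIX, 24, ASN)]    # assumed current state
MINIMAL_ROA = [(PREFIX, 19, ASN)]  # what the notice asks the provider to publish

if __name__ == "__main__":
    for name, roas in (("loose", LOOSE_ROA), ("minimal", MINIMAL_ROA)):
        print(name, "ROA:",
              "announced /19 is", rov_state(PREFIX, ASN, roas) + ",",
              "more-specifics that still validate:",
              exposed_lengths(RELAY_IP, PREFIX, ASN, roas))
```

To check a real relay, replace `LOOSE_ROA` with the ROA entries an RPKI validator reports for the covering prefix.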