teor teor2345@gmail.com wrote:
On 22 Sep 2017, at 23:03, relay 000 relay0@mailbox.org wrote:
Someone is using the hidden service rendezvous protocol to ask non-exit relays to scan non-tor IP addresses.
wow, people can misuse my *non*-exit relay to scan (aka send a TCP SYN packet) other systems on the internet?
Yes.
But please don't worry. Receiving unsolicited TCP connections is a normal part of running a server on the Internet. And anyone who sends unsolicited spammy emails in response lacks a sense of irony.
Here's how the Tor rendezvous protocol can be used like that:
People can pretend that they are a client or onion service that's connected to a particular relay address.
And then they can ask your relay to extend to that pretend relay address. There's no requirement that the relay is in the consensus that your relay has. And so your relay tries to establish a TLS connection, may or may not succeed, but definitely fails at the authentication step.
And then it tells the client it failed. Without providing much info at all. So it's pretty useless, honestly.
The alternative would be to require that every relay used in the rendezvous protocol is in the consensus. But which consensus?
- the consensus that the client has
- the consensus that the service has
- the consensus that the relay extending to the intro point has
- the consensus that the relay extending to the rend point has
It gets complicated fast.
There's another, more obvious reason, I think, than hidden services. Consider what happens during relay startup. The initializing relay attempts to build a number of circuits that connect back to itself for reachability and data rate testing, yet its descriptor may well not be in any relay's cached-descriptor* files, much less in either consensus document.
Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at sdf.org *xor* bennett at freeshell.org
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
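An added example, not part of the original messages and not Tor code: a toy model of the strict rule discussed in the thread ("every relay used must be in the consensus"). It shows the rule refusing a relay that was chosen from a newer consensus, and refusing the startup self-test circuit of a relay that is not yet in any consensus. The relay names, consensus contents and the `strict_extend_ok` rule are all constructed assumptions.

```python
"""Toy model of a strict "extend only to relays in my consensus" rule.

Added illustration: relay names, consensus contents and the rule itself
are constructed for this example; none of this is Tor code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Consensus:
    valid_after: int   # constructed hour number of this consensus
    relays: frozenset  # names of the relays it lists


# Constructed history: "R_new" is first listed in the hour-12 consensus.
HOUR_11 = Consensus(11, frozenset({"R_a", "R_b", "R_intro"}))
HOUR_12 = Consensus(12, frozenset({"R_a", "R_b", "R_intro", "R_new"}))

# The four views named in the thread; each party may hold a different one.
VIEWS = {
    "client": HOUR_12,
    "service": HOUR_12,
    "relay extending to intro point": HOUR_11,
    "relay extending to rend point": HOUR_11,
}


def strict_extend_ok(view: Consensus, target: str) -> bool:
    """Hypothetical strict rule: accept a target only if our view lists it."""
    return target in view.relays


def who_rejects(views: dict, target: str) -> list:
    """Parties whose own consensus would make them refuse this target."""
    return sorted(p for p, v in views.items() if not strict_extend_ok(v, target))


if __name__ == "__main__":
    # A relay picked honestly from a fresh consensus is refused by parties
    # that still hold the previous one.
    print("R_new rejected by:", who_rejects(VIEWS, "R_new"))
    # A relay listed in every view passes everywhere.
    print("R_intro rejected by:", who_rejects(VIEWS, "R_intro"))
    # Startup self-test: "R_boot" has just started and is in no consensus,
    # so every party refuses to extend back to it.
    print("R_boot rejected by:", who_rejects(VIEWS, "R_boot"))
```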