Hi there,
today I found this warning in the log of my relay (6A7551EEE18F78A9813096E82BF84F740D32B911):
Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80).
What does this mean?
Regards
On Samstag, 3. Juni 2023 18:18:46 CEST Tschador wrote:
today I found this warning in the log of my relay
Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream.
What does this mean?
A simple log message that the tord didn't unpack a Zip Bomp. DDOS protection in the Tor software I believe. https://en.wikipedia.org/wiki/Zip_bomb
Hi
Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80).
We see the compression bomb warning from time to time
The address seems to be longclaw. Interestingly it's the dirport that ie requested. I thought the dirport is no longer in use - do the authorities still offer it?
Hi,
I get these warnings from time to time too. I believe they are rather benign, though I wonder how a document with a 25:1 compression ratio can happen in practice.
Interestingly it's the dirport that ie requested. I thought the dirport is no longer in use - do the authorities still offer it?
Authorities still provide a dirport, and relays are supposed to use it over a tunneled directory request. I believe some authority operators put varnish (or some other caching reverse-proxy) in front of their dirport, to limit the load of serving those files. At the very least, it reduces the amount of crypto required (none vs an OR connection), for data which is already public and signed anyway.
On Wed, 7 Jun 2023 at 18:03, Felix zwiebel@quantentunnel.de wrote:
Hi
Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80).
We see the compression bomb warning from time to time
The address seems to be longclaw. Interestingly it's the dirport that ie requested. I thought the dirport is no longer in use - do the authorities still offer it? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Felix -
lists@for-privacy.net -
trinity pointard -
Tschador