[tbb-bugs] #20212 [Applications/Tor Browser]: Tor can be forced to open too many circuits by embedding .onion resources
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 23 18:39:26 UTC 2018
#20212: Tor can be forced to open too many circuits by embedding .onion resources
-------------------------------------------------+-------------------------
Reporter: gacar | Owner: tbb-
| team
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: guard-discovery, | Actual Points:
TorBrowserTeam201803 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by asn):
Here is another attack from IRC arma: An attacker could also setup an
onion address that redirects you to another onion address which redirects
you to another onion address ad infinitum. This allows the attacker to
cause `n` onion loads in series, and if each page has `k` onions, this
allows attacker to cause `n*k` onion loads. That's both an optimization
but is also meant to work around any defences that try to restrict onion
address loads per origin.
Furthermore, depending on how stream isolation works, the above attack
could also work with IPs/domain addresses and not just onions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list