[tor-bugs] #2667 [Tor Relay]: Exits should block reentry into the tor network
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Mar 7 01:18:03 UTC 2011
#2667: Exits should block reentry into the tor network
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #2664
Points: | Actualpoints:
-----------------------+----------------------------------------------------
With proposal 110, we blocked the ability of Tor clients to use the Tor
protocol for an unbounded amplification attack to destroy the Tor network.
However, we still have not completely prevented this attack. It is still
possible to tunnel tor over tor by using exits to connect back to other
tor nodes. This property can still be used to execute the unbounded
amplification attack on the Tor network, or just on the tor directory
authorities.
One fix for this would be to add code to exit nodes to implicitly add all
of the IP + ORport combinations of all other relays to their exit policy
reject lines, or otherwise block this connection at some other level.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2667>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list