[tor-bugs] #2667 [Tor Relay]: Exits should block reentry into the tor network

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Mar 7 01:18:03 UTC 2011


#2667: Exits should block reentry into the tor network
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |          Owner:       
     Type:  defect     |         Status:  new  
 Priority:  normal     |      Milestone:       
Component:  Tor Relay  |        Version:       
 Keywords:             |         Parent:  #2664
   Points:             |   Actualpoints:       
-----------------------+----------------------------------------------------
 With proposal 110, we blocked the ability of Tor clients to use the Tor
 protocol for an unbounded amplification attack to destroy the Tor network.
 However, we still have not completely prevented this attack. It is still
 possible to tunnel tor over tor by using exits to connect back to other
 tor nodes. This property can still be used to execute the unbounded
 amplification attack on the Tor network, or just on the tor directory
 authorities.

 One fix for this would be to add code to exit nodes to implicitly add all
 of the IP + ORport combinations of all other relays to their exit policy
 reject lines, or otherwise block this connection at some other level.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2667>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
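
The fix proposed in the ticket, sketched as an added example (not code from the ticket or from Tor itself): it derives implicit "reject IP:ORPort" lines from consensus "r" lines and places them ahead of the operator's exit policy. The function names, the simplified first-match matcher, and the sample consensus are assumptions made for illustration; the "r" line layout assumed is the ns-flavour one.

```python
import ipaddress

# Constructed sample: "r" lines in the ns-flavour consensus layout
# (r nickname identity digest date time IP ORPort DirPort). Addresses are
# from documentation ranges; identities and digests are placeholders.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-03-07 00:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-03-07 00:00:00 198.51.100.7 443 0
s Exit Fast Running Valid
r thisExit EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2011-03-07 00:00:00 203.0.113.5 9001 0
s Exit Running Valid
"""

def parse_relays(consensus_text):
    """Return the set of (IPv4Address, ORPort) pairs listed in "r" lines."""
    relays = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] != "r":
            continue
        try:
            addr, port = ipaddress.IPv4Address(fields[6]), int(fields[7])
        except ValueError:
            continue  # skip malformed entries rather than emit a bad rule
        if 0 < port < 65536:
            relays.add((addr, port))
    return relays

def implicit_reject_lines(relays, own_addr):
    """Build "reject IP:ORPort" lines for every relay except this exit."""
    own = ipaddress.IPv4Address(own_addr)
    return [f"reject {a}:{p}" for a, p in sorted(relays) if a != own]

def exit_allowed(policy, addr, port):
    """First-match evaluation over exact "accept|reject IP:port" and "*:*" lines."""
    for rule in policy:
        action, target = rule.split()
        if target in ("*:*", f"{addr}:{port}"):
            return action == "accept"
    return False  # nothing matched: refuse

def effective_policy(consensus_text, own_addr, operator_policy):
    """Implicit relay rejects go first so the operator's accepts cannot override them."""
    return implicit_reject_lines(parse_relays(consensus_text), own_addr) + operator_policy
```

Because the rules match IP + ORPort pairs, as the ticket suggests, other ports on a relay's address stay reachable under the operator's own policy.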

