[tor-bugs] #6800 [Tor Relay]: An attacker can flood network with new relays to make us stop using bwauth weights
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Sep 10 06:24:59 UTC 2012
#6800: An attacker can flood network with new relays to make us stop using bwauth
weights
-----------------------+----------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
The bwauths don't write out any opinions if they have stats on less than
some fraction (60%) of the relays.
So an attacker could induce this result by signing up n new relays to go
with the n current relays, causing all the bwauths to stop outputting
opinions.
In the current case that means we default to using the values in the relay
descriptors. Inefficient but not so bad.
In the future case (once we merge #2286), it means we default to capping
all new relays to a low number until the bwauths catch up again.
Authorities are willing to use the last published opinions file for 3 days
before they give up on it.
Is this a stable enough defense? During the flood the already-established
relays would continue to have the most recent bwauth weights, and the
bwauths have 3 days to catch up. Sounds plausible, but I'd like a few more
opinions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6800>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list