[tor-bugs] #10221 [Tor]: Implement BGP malicious route checks before publishing descriptor in consensus
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 23 09:43:26 UTC 2013
#10221: Implement BGP malicious route checks before publishing descriptor in
consensus
-------------------------+---------------------
Reporter: anon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: BGP | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
Alternatively, treat as normal and simply flag the BGP route as malicious
or not for the listed endpoints in a consensus.
This is in response to observed, repeated, malicious route jacking attacks
for specific address ranges through monkey-in-the-middle attackers.
"Malicious route jacking" is explicitly mentioned here as distinct from
anomalous route changes or advertisement behavior, nor does it encompass
benign incompetence affecting widespread route behavior of an
indiscriminate nature.
See also:
http://www.renesys.com/2013/11/mitm-internet-hijacking/
http://www.renesys.com/2010/11/chinas-18-minute-mystery/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10221>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list