[tor-bugs] #8239 [Tor]: Hidden services should try harder to reuse their old intro points

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 14 11:33:37 UTC 2014


#8239: Hidden services should try harder to reuse their old intro points
-----------------------------+-------------------------------------------
     Reporter:  arma         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  SponsorR tor-hs 026-triaged-1
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------------------

Comment (by asn):

 Replying to [comment:8 arma]:
 > Replying to [comment:6 asn]:
 > > FWIW, it's also worth mentioning that making HSes more stubborn
 > > towards old IPs might also allow guard discovery attacks from the IP. That
 > > is, the IP kills incoming circuits, till a compromised middle node is
 > > selected, and since the HS is stubborn it will keep on establishing new
 > > circuits.
 >
 > That's why you should only stick to your intro point when it's your
 > network that failed (that is, the connection between you and your guard),
 > not the intro circuit. (This is what I meant in the body of the bug in the
 > 'main tricky point' sentence.)

 Hm, indeed. Distinguishing network down events has been annoying also for
 entry guard security
 (https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html).
 I wonder if this is an easier case though.

 How many ways are there for an IP to terminate the intro circuit? Are they
 enumerable?

 If the IP closes the connection to its previous hop, will the other hops
 report that it was the IP's fault that the circuit was destroyed?

 Can the IP send an unexpected cell to the guard node, and force the guard
 node to tear down the circuit? So that it looks like it's the fault of the
 guard node?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8239#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

