[tor-bugs] #8864 [Tor]: Hidden service: Suddenly the service does not respond to new connections (INTRODUCE2 cell on intro circ with no corresponding rend_intro_point_t)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 23 13:24:19 UTC 2015


#8864: Hidden service: Suddenly the service does not respond to new connections
(INTRODUCE2 cell on intro circ with no corresponding rend_intro_point_t)
-------------------------+-------------------------------------------------
     Reporter:  reiam    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  normal   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor      |    Version:  Tor: 0.2.7
   Resolution:           |   Keywords:  tor-hs, 023-backport, 025-triaged,
Actual Points:           |  SponsorR, 027-triaged-1-in
       Points:  unclear  |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by dgoulet):

 Replying to [comment:35 nickm]:
 > I think the code is fine here, but I have one question: is it perhaps
 risky to leak, by the closure of an IP circuit, that the HS has just
 fetched a new consensus?

 Two elements I think here could notice, client and IP.

 The IP doesn't know that this circuit is a specific HS with xyz.onion so
 at best it would know "one of the HS in the network" has maybe (could be a
 restart) a new consensus. But again that's not entirely true because if
 the circuit gets closed it's because the IP is out of the consensus but we
 are looking at it from the IP so that would mean an attacker firewalling
 heavily to prevent the IP from being in the consensus or modified tor?
 Could be crazy network issues I agree but...

 The client could maybe notice it by establishing every seconds a circuit
 to the IP and delaying the cells needed on it to keep it open to see if
 the HS would close it fast. You would learn in theory the exact time of
 the new consensus but only if the IP was removed from it.

 So yeah it seems that it would be possible from the client perspective to
 learn that as long as the IP is out of the consensus (which could be
 controlled by an attacker).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8864#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list