[tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 16 03:11:46 UTC 2015


#17782: Relays may publish descriptors with incorrect IP address
--------------------+------------------------------------
 Reporter:  fk      |          Owner:
     Type:  defect  |         Status:  new
 Priority:  High    |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Major   |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:  #17811  |         Points:
  Sponsor:          |
--------------------+------------------------------------
Changes (by teor):

 * parent:   => #17811


Comment:

 Replying to [comment:4 teor]:
 > In #17850, the following mitigation was suggested:
 > "Maybe a NATed OR should self-test its reachability before advertising
 > the new IP address."
 >
 > I wonder if this would be a DoS risk because it takes relays off the
 > network, but having them provide descriptors with the wrong address does
 > that anyway.

 If we're going to do this, we should check:
 * IPv4 ORPort reachability
 * IPv4 DirPort reachability

 (See #6939 for IPv6 reachability tests. If we ever discover our own IPv6
 address (#5940), we should also make sure we re-do IPv6 reachability tests
 before republishing the descriptor.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17782#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

