[tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 13 17:13:15 UTC 2015
#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: reopened
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: SponsorR tor-hs 025-backport
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Changes (by dgoulet):
* status: closed => reopened
* resolution: not a bug =>
Comment:
Ok so I'm here with syverson, robjansen and Roger discussing about this
one and a possible "attack" came up. Here is the scenario:
Alice has a long lived connection to let say an IRC server on aaaa.onion
port 6667. Now, Alice receives an email saying "Hey, can you connect to
aaaa.onion:6668?" for which the HS does have that port in its exit policy.
So Alice, connects, the tor client reuses the RP circuit but on a wrong
port and blam the circuit is killed thus the long lasting connection.
A solution we thought of here is to pin a *good* virtual port on a circuit
and not accepting connections on it with an other port.
Makes sense?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list