[tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 13 18:50:16 UTC 2015
#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: reopened
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: SponsorR tor-hs 025-backport
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Comment (by arma):
Replying to [comment:26 dgoulet]:
> Alice has a long-lived connection to, let's say, an IRC server on
> aaaa.onion port 6667. Now, Alice receives an email saying "Hey, can you
> connect to aaaa.onion:6668?" for which the HS does have that port in its
> exit policy. So Alice connects, the tor client reuses the RP circuit but
> on a wrong port and blam, the circuit is killed, thus the long-lasting
> connection.

I think you can do this automatically by having an img link in your
attacking page, which, when Alice visits it, blows away her existing IRC
connection to that other service.

> A solution we thought of here is to pin a *good* virtual port on a
> circuit and not accept connections on it with another port.

Right -- basically the proposed fix is to have one circuit per virtualport
Alice is reaching.

(It might be that we should re-close this ticket and open a new one for
the new issue.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
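
The circuit-reuse problem and the one-circuit-per-virtual-port fix discussed in the comment above, as a toy model added here (not Tor's code and not from the ticket). All class and function names are hypothetical, and the model assumes the service closes the whole circuit when asked for port 6668.

```python
# Toy model (constructed): not Tor's code. Names and ports are hypothetical.

class Circuit:
    """One rendezvous circuit carrying zero or more streams."""
    def __init__(self):
        self.open = True
        self.streams = []          # virtual ports with a live stream

class Service:
    """Service side: a request for a port it does not serve closes the circuit."""
    def __init__(self, served_ports):
        self.served_ports = set(served_ports)

    def begin(self, circ, port):
        if port not in self.served_ports:
            circ.open = False      # circuit torn down: every stream on it dies
            circ.streams.clear()
            return False
        circ.streams.append(port)
        return True

class Client:
    """Client side: key_fn decides which requests share a circuit."""
    def __init__(self, service, key_fn):
        self.service, self.key_fn, self.circuits = service, key_fn, {}

    def connect(self, onion, port):
        key = self.key_fn(onion, port)
        circ = self.circuits.get(key)
        if circ is None or not circ.open:
            circ = self.circuits[key] = Circuit()
        return self.service.begin(circ, port)

    def stream_alive(self, onion, port):
        circ = self.circuits.get(self.key_fn(onion, port))
        return bool(circ and circ.open and port in circ.streams)

def irc_survives(key_fn):
    """Alice holds a stream on 6667, then is lured into requesting 6668."""
    alice = Client(Service({6667}), key_fn)
    alice.connect("aaaa.onion", 6667)
    alice.connect("aaaa.onion", 6668)   # port the service rejects (assumption)
    return alice.stream_alive("aaaa.onion", 6667)

per_service = lambda onion, port: onion          # one circuit reused per service
per_port = lambda onion, port: (onion, port)     # proposed: one per virtual port

if __name__ == "__main__":
    print("shared circuit, IRC survives:", irc_survives(per_service))
    print("per-port circuit, IRC survives:", irc_survives(per_port))
```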