[tor-bugs] #15515 [Tor]: Don't allow multiple INTRODUCE1s on the same circuit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 30 20:37:08 UTC 2015
#15515: Don't allow multiple INTRODUCE1s on the same circuit
--------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+------------------------------------
Currently, it seems like clients are able to send multiple INTRODUCE1
cells to the IP. The result is that many INTRODUCE2 cells reach the HS,
which means that the HS will try to establish multiple rendezvous
circuits.

This gives a better position to attackers who want to flood a HS with
rendezvous circuits (like #15463), since with a single circuit they can
cause hundreds of rendezvous.

We should fix this on the IP side, by closing the circuit after sending
the `INTRODUCE_ACK` to the client. An alternate behavior is to change the
state of the circuit after `INTRODUCE1` is received and close it if more
such cells are received.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15515>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
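
The two IP-side behaviors proposed in the ticket, sketched as an added example (not part of the original ticket and not Tor's code). The types, policy names and functions are hypothetical, and the model only counts how many INTRODUCE2 cells a single client circuit can produce under each behavior.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of an introduction point; these are not Tor's own types. */
enum intro_policy {
    POLICY_UNLIMITED,        /* behaviour the ticket describes */
    POLICY_CLOSE_AFTER_ACK,  /* proposed fix: close once INTRODUCE_ACK is sent */
    POLICY_CLOSE_ON_REPEAT   /* alternative: close on a second INTRODUCE1 */
};

struct client_circ {
    bool open;
    bool seen_introduce1;
    unsigned introduce2_relayed;  /* cells forwarded to the hidden service */
};

/* Handle one INTRODUCE1 on circ; returns true if it was relayed as INTRODUCE2. */
static bool handle_introduce1(struct client_circ *circ, enum intro_policy policy)
{
    if (!circ->open)
        return false;            /* closed circuits carry no more cells */
    if (policy == POLICY_CLOSE_ON_REPEAT && circ->seen_introduce1) {
        circ->open = false;      /* repeat cell: tear the circuit down */
        return false;
    }
    circ->seen_introduce1 = true;
    circ->introduce2_relayed++;  /* relay to the service, then INTRODUCE_ACK */
    if (policy == POLICY_CLOSE_AFTER_ACK)
        circ->open = false;
    return true;
}

/* Send n INTRODUCE1 cells on one fresh circuit; return INTRODUCE2 cells relayed. */
static unsigned relayed_on_one_circuit(enum intro_policy policy, unsigned n)
{
    struct client_circ circ = { .open = true };
    for (unsigned i = 0; i < n; i++)
        handle_introduce1(&circ, policy);
    return circ.introduce2_relayed;
}

int main(void)
{
    for (int p = POLICY_UNLIMITED; p <= POLICY_CLOSE_ON_REPEAT; p++)
        printf("policy %d: %u INTRODUCE2 cells from 100 INTRODUCE1 cells\n",
               p, relayed_on_one_circuit((enum intro_policy)p, 100));
    return 0;
}
```

With either proposed behavior the service sees one INTRODUCE2 per client circuit, so each additional rendezvous costs the client a new circuit to the IP.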