[tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 8 00:43:57 UTC 2015
#15951: FairPretender: Pretend as any hidden service in passive mode
------------------------+-----------------------------------------
Reporter: twim | Owner: twim
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor | Version:
Resolution: | Keywords: tor, hs, descriptor, tor-hs
Actual Points: | Parent ID:
Points: |
------------------------+-----------------------------------------
Changes (by yawning):
* keywords: tor, hs, descriptor => tor, hs, descriptor, tor-hs
Comment:
So, while this should be fixed, I don't think this is major because fixing
it doesn't solve the fundamental problem of "users clicking the bad".
The basic (and IMO superior) version looks something like this:
0. Figure out, which HS you want to mount an attack on. (Eg:
examplehsabcdefg.onion)
1. Throw CUDA cores at getting a look-alike HS address. (Eg;
examplehsbcdefgh.onion)
2. Run your HS.
3. Spread your address as the real one.
4. Optionally DDOS the original, depends on what you are after, and how
many people fall for 3.
This will work without using any protocol level trickery, and fixing the
protocol level trickery doesn't prevent this. In both the "attack"
presented in the ticket and the one I illustrated, users falling for the
impersonation is the root problem.
As far as I am aware, there aren't good solutions to "users click on the
bad" that don't involve things like the CA mafia (which is what
"facebookcorewwwi.onion" does for example).
My inclination here would be to make sure that 224 actually does fix this,
and then lower the priority from "major", but I will defer to nickm et al
on this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15951#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list