[tor-bugs] #2576 [Analysis]: Can we try to extend from the bridge to a website and learn if the website is reachable?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 27 03:30:14 UTC 2016
#2576: Can we try to extend from the bridge to a website and learn if the website
is reachable?
----------------------+-------------------------
Reporter: arma | Owner:
Type: task | Status: closed
Priority: Medium | Milestone:
Component: Analysis | Version:
Severity: Normal | Resolution: wontfix
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+-------------------------
Comment (by teor):
Replying to [comment:7 rransom]:
> As I mentioned on #3520, all `TRUNCATED` cells currently result in a
`CIRC FAILED` event with `REMOTE_REASON=OR_CONN_CLOSED`. That will need
to be fixed before we can hope to distinguish between ‘unable to complete
TCP handshake’ and ‘opened TCP connection but got wrong TLS
handshake/cert’.
Making this change would enable all sorts of port scanning attacks through
Tor.
The fact that we don't distinguish between these cases made #8976 much
less of a security risk.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2576#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list