[tor-bugs] #20212 [Core Tor/Tor]: Tor can be forced to open too many circuits by embedding .onion resources
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 21 22:21:16 UTC 2016
#20212: Tor can be forced to open too many circuits by embedding .onion resources
------------------------------+-----------------
Reporter: gacar | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+-----------------
A malicious web page or an exit node* can force Tor to open too many new
circuits by embedding resources from multiple .onion domains.
I could observe up to 50 new circuits per second, and a total of a few
hundred circuits in less than a half minute.
The embedded HS domains don't need to exist, Tor will still open an new
internal circuit for each .onion domain to download the descriptors.
I guess forcing clients to make too many circuits may enable certain
attacks, even though the circuits are internal.
Maybe Tor (or Tor Browser) could cap the number of new circuits opened
within a time window. I can't think of a realistic use case for loading
resources from tens of different hidden services.
*: only when the connection is unencrypted HTTP
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list