[tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 19 15:46:09 UTC 2019


#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-dos, network-team-       |  Actual Points:  6
  roadmap-august                                 |
Parent ID:  #29999                               |         Points:  7
 Reviewer:  dgoulet                              |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:28 nickm]:
 > IIRC, the problem would be if an attacker found an introduce cell that
 they were very interested in, and replayed it a lot in order to see which
 rendezvous point got a bunch of retries.

 Hm, I'd like some more help with understanding this attack. The replay
 cache refactored by this ticket is the one that protects against replays
 from the intro point. So assuming that a malicious intro can now do
 replays, how does it also have visibility on which rendezvous point gets
 the retries? And how does the knowledge of retry help the attacker get
 information about the client or the service?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list