[tor-bugs] #29174 [Core Tor/Tor]: Guard Node can eclipse the hidden service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 11 19:22:15 UTC 2019
#29174: Guard Node can eclipse the hidden service
-----------------------------------+------------------------------------
Reporter: TBD.Chen | Owner: (none)
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.3.0.1-alpha
Severity: Critical | Resolution:
Keywords: guard, hidden service | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by mikeperry):
Interesting. This is another argument for Proposal 291 in my mind. A
single guard has too much power to induce DoS and other downtime signals
like this. The vanguards addon should similarly mitigate this attack, as
it uses 2 guards by default. The malicious guard would just cause
introduce1 timeouts on clients, but not be able to mount a full "eclipse"
DoS attack.
As for path bias -- it was designed to detect circuit failures caused by
the guard. This case is different because the circuit can become live and
successfully used for one or more initial introduce1 cells, and thus path
bias system will deem it successfully used. After that point, there is no
way for a client to determine if the circuit has just gone quiet because
no one is using the HS vs the guard simply not sending any more introduce1
cells on the circuit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29174#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list