[tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 20 01:09:06 UTC 2019
#24964: dos: Block single hop client at the HSDir
--------------------------------------+------------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-dos, tor2web, tor-hs | Actual Points: 0.1
Parent ID: #24962 | Points: 0.1
Reviewer: | Sponsor: Sponsor27-must
--------------------------------------+------------------------------------
Changes (by teor):
* status: needs_review => needs_revision
Comment:
This code will allow HSDir connections from relays that are not in the
consensus.
So an attacker could configure their client/onion service as an
unpublished relay to pass this check.
(I'm not sure if tor2web mode supports a relay on the same instance, but I
think it probably does.)
Do we want to allow this workaround?
We could check that the previous hop is a relay in the consensus.
If we do that check, then a small number of HSDir requests will fail, and
the client will try another HSDir with another circuit.
Do we want to pay this cost?
What do you think the best tradeoff is?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24964#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online