[tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 1 12:42:36 UTC 2019


#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-dos, network-team-       |  Actual Points:  6
  roadmap-august, security                       |
Parent ID:  #29999                               |         Points:  7
 Reviewer:  dgoulet                              |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by dgoulet):

 After reviewing this thread, I personally feel like the trade-off here in
 favor of this patch is OK.

 I'm not too worried about the `INTRO2` cell being used as a side channel
 for the service Guard. We allow many more cells to do that, as in any
 other HS cell not meant for an origin circuit for instance will be dropped
 silently with that log info:

 {{{
 log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
 command);
 }}}

 The part that worries me more is the "make the service interact with the
 tor network" as in opening RP circuits. But this will be for N
 interactions where N is quite low since it can only be done when the
 replay cache is reset which is drastically more with this patch.

 My two cents: All in all, less IP rotation is a better compromise overall
 than what we allow with regard to INTRO2 cell replay.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:42>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

