[tor-bugs] #31804 [Circumvention/Snowflake]: Authentication for proxy--bridge connections
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 19 17:02:26 UTC 2019
#31804: Authentication for proxy--bridge connections
-----------------------------------------+--------------------
Reporter: cohosh | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: Sponsor28 |
-----------------------------------------+--------------------
An DDoS attack surface was brought up in discussion on IRC yesterday (and
has been talked about to some extent before).
To summarize the issue:
The Snowflake bridge accepts websocket connections from any other endpoint
(this is in part necessary because anyone can be a proxy and we want as
many proxies as possible and the more ephemeral they are, the harder it is
for a censor to block all of them)
This means that an malicious party with the ability to distribute
malicious javascript can have unsuspecting clients execute javascript that
makes a websocket connection to the bridge and use the Tor network to
upgrade their websocket connection to a plain TCP connection.
This basically allows someone to use Tor in order to perform DDoS attacks
on TCP services, using malicious javascript as the attack vector. While
the effectiveness of this attack probably wouldn't be that good (all the
attack traffic would be congested through the single Snowflake bridge), it
could provide a way for a censor to more easily DDoS Snowflake itself.
We could provide some kind of authentication step involving the bridge,
broker, and snowflake proxy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31804>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list