[tor-dev] Onion Service - Intropoint DoS Defenses
arma at torproject.org
Fri May 31 18:21:15 UTC 2019
On Fri, May 31, 2019 at 08:15:16PM +0200, juanjo wrote:
> As far as I understand INTRODUCE2 cells are sent by Introduction Points
> directly to the Hidden Service. But this only happens after a Client sends
> the INTRODUCE1 cell to the Introduction Point.
> Now the question is, do we allow more than 1 INTRODUCE1 per client circuit?
> If this is right, why? Or the attack is working because the client makes a
> new circuit/connection to the I.P. each time for sending a INTRODUCE1?
It's that second one. Some jerk is pretending to be many Tor users,
and since it's an anonymity system, it's hard to tell which ones are
the jerk and which ones are other users.
For the "oops you can send more than one intro1 cell per intro circuit"
bug, see https://bugs.torproject.org/15515 (fixed in Tor 0.2.4.27)
More information about the tor-dev