[tor-relays] 'relay early' attack detection at the infrastructure level

krishna e bera keb at cyblings.on.ca
Sat Aug 2 02:08:41 UTC 2014


On 14-08-01 06:58 PM, Nusenu wrote:
> [moved to tor-relays]
> 
> Hi relay ops,
> 
> please consider having a regular look at your logs after upgrading to
> the latest tor releases to spot relay_early attacks (even if the
> attack origin is not directly attributable from a relay's point of view).
> 
> searching your logs for
> 'Received an inbound RELAY_EARLY cell'
> should do it.
> 
> https://gitweb.torproject.org/tor.git/commitdiff/68a2e4ca4baa595cc4595a511db11fa7ccbbc8f7

According to

https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

the RELAY_EARLY cell has common legitimate uses.
How can we distinguish an attack from those?
