[tor-relays] 'relay early' attack detection at the infrastructure level
Roger Dingledine
arma at mit.edu
Sat Aug 2 03:48:50 UTC 2014
On Fri, Aug 01, 2014 at 10:08:41PM -0400, krishna e bera wrote:
> According to
>
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
>
> the RELAY_EARLY cell has common legitimate uses.
> How can we distinguish an attack from those?
Correctly-behaving Tor relays never send RELAY_CELL cells backwards
(towards the client) on the circuit.
So if you see one, it's somebody not following the protocol.
--Roger
More information about the tor-relays
mailing list