[tor-relays] 'relay early' attack detection at the infrastructure level

Zenaan Harkness zen at freedbms.net
Sat Aug 2 05:38:51 UTC 2014


On 8/2/14, Roger Dingledine <arma at mit.edu> wrote:
> On Fri, Aug 01, 2014 at 10:08:41PM -0400, krishna e bera wrote:
>> According to
>>
>> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
>>
>> the RELAY_EARLY cell has common legitimate uses.
>> How can we distinguish an attack from those?
>
> Correctly-behaving Tor relays never send RELAY_CELL cells backwards
> (towards the client) on the circuit.
>
> So if you see one, it's somebody not following the protocol.

Might be a stupid question sorry, but why not just block such
relay-early packets coming in the wrong direction?
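
Added example, not part of the original message and not Tor's own code: a Python model of the direction check discussed in this thread, which parses fixed-length cell headers and stops forwarding on any circuit where a RELAY_EARLY cell arrives heading towards the client. Assumptions: the 514-byte cell layout (4-byte CircID, 1-byte command, 509-byte payload) and the command numbers RELAY = 3 and RELAY_EARLY = 9; the function names, the close-the-circuit policy and the sample events are constructed for illustration.

```python
import struct

# Assumed layout: fixed-length cell with 4-byte CircID, 1-byte command, 509-byte payload.
CELL_LEN = 514
CMD_RELAY = 3
CMD_RELAY_EARLY = 9


def make_cell(circ_id, command):
    """Build a constructed fixed-length cell with a zeroed payload."""
    return struct.pack(">IB", circ_id, command) + bytes(509)


def parse_header(cell):
    """Return (circ_id, command); reject anything that is not a full cell."""
    if len(cell) != CELL_LEN:
        raise ValueError("expected %d bytes, got %d" % (CELL_LEN, len(cell)))
    return struct.unpack(">IB", cell[:5])


def check_cells(events):
    """events: (direction, cell) pairs; 'out' = away from client, 'in' = towards it.

    Returns (forwarded, closed): the cells passed on, and the circuits torn
    down because a RELAY_EARLY cell arrived in the 'in' direction.
    """
    forwarded, closed = [], set()
    for direction, cell in events:
        circ_id, cmd = parse_header(cell)
        if circ_id in closed:
            continue  # circuit already torn down, drop everything after
        if direction == "in" and cmd == CMD_RELAY_EARLY:
            closed.add(circ_id)  # protocol violation: wrong direction
            continue
        forwarded.append((direction, circ_id, cmd))
    return forwarded, closed


# Constructed sample traffic on two circuits.
SAMPLE = [
    ("out", make_cell(0x80000001, CMD_RELAY_EARLY)),  # legitimate use
    ("in", make_cell(0x80000001, CMD_RELAY)),
    ("in", make_cell(0x80000002, CMD_RELAY_EARLY)),   # backwards: violation
    ("in", make_cell(0x80000002, CMD_RELAY)),         # dropped, circuit closed
    ("out", make_cell(0x80000001, CMD_RELAY)),
]

if __name__ == "__main__":
    passed, torn_down = check_cells(SAMPLE)
    print(len(passed), "cells forwarded; closed circuits:", sorted(torn_down))
```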

