[tor-relays] 'relay early' attack detection at the infrastructure level

Roger Dingledine arma at mit.edu
Sat Aug 2 05:49:11 UTC 2014


On Sat, Aug 02, 2014 at 03:38:51PM +1000, Zenaan Harkness wrote:
> >> the RELAY_EARLY cell has common legitimate uses.
> >> How can we distinguish an attack from those?
> >
> > Correctly-behaving Tor relays never send RELAY_CELL cells backwards
> > (towards the client) on the circuit.

Gah. I should have written RELAY_EARLY above. Sorry for the confusion.

> > So if you see one, it's somebody not following the protocol.
> 
> Might be a stupid question sorry, but why not just block such
> relay-early packets coming in the wrong direction?

New relays do block them. Actually they close the circuit and warn,
since once somebody has violated the protocol like this, it's unwise to
let them continue interacting with you.

Or is that what you meant?

--Roger
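
The check described in the message above, as an added example that is not part of the original post and is not Tor's own code: a relay-side handler that closes the circuit and warns when a RELAY_EARLY cell arrives travelling towards the client. The names (handle_cell, circuit_t, the verdict values) are hypothetical, the 514-byte cell layout (4-byte circuit ID, 1-byte command, 509-byte payload) is an assumption taken from link protocol v4 and later, and the sample cells are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (link protocol v4+): 4-byte circuit ID, 1-byte command, 509-byte payload. */
#define CELL_LEN 514
#define CMD_OFFSET 4
#define CELL_RELAY 3
#define CELL_RELAY_EARLY 9

typedef enum { FROM_CLIENT_SIDE, FROM_EXIT_SIDE } cell_source_t;
typedef enum { VERDICT_FORWARD, VERDICT_CLOSE_CIRCUIT, VERDICT_DROP } verdict_t;

/* Hypothetical per-circuit state; a real relay tracks far more. */
typedef struct { uint32_t id; int closed; unsigned violations; } circuit_t;

/* Build a constructed sample cell with an all-zero payload. */
static void make_cell(uint8_t *cell, uint32_t circ_id, uint8_t command) {
    memset(cell, 0, CELL_LEN);
    cell[0] = (uint8_t)(circ_id >> 24); cell[1] = (uint8_t)(circ_id >> 16);
    cell[2] = (uint8_t)(circ_id >> 8);  cell[3] = (uint8_t)circ_id;
    cell[CMD_OFFSET] = command;
}

/* Decide what to do with one cell, given which side of the circuit it arrived from. */
static verdict_t handle_cell(circuit_t *circ, cell_source_t src,
                             const uint8_t *cell, size_t len) {
    if (circ->closed || len != CELL_LEN)
        return VERDICT_DROP;            /* nothing more is processed on a closed circuit */
    if (cell[CMD_OFFSET] == CELL_RELAY_EARLY && src == FROM_EXIT_SIDE) {
        /* RELAY_EARLY heading towards the client: protocol violation. */
        fprintf(stderr, "warn: inbound RELAY_EARLY on circuit %u, closing\n",
                (unsigned)circ->id);
        circ->violations++;
        circ->closed = 1;
        return VERDICT_CLOSE_CIRCUIT;
    }
    return VERDICT_FORWARD;             /* RELAY either way, RELAY_EARLY away from the client */
}

int main(void) {
    uint8_t cell[CELL_LEN];
    circuit_t circ = { 7, 0, 0 };
    make_cell(cell, circ.id, CELL_RELAY_EARLY);
    printf("outbound RELAY_EARLY -> %d\n", handle_cell(&circ, FROM_CLIENT_SIDE, cell, sizeof cell));
    printf("inbound RELAY_EARLY  -> %d\n", handle_cell(&circ, FROM_EXIT_SIDE, cell, sizeof cell));
    make_cell(cell, circ.id, CELL_RELAY);
    printf("later RELAY cell     -> %d\n", handle_cell(&circ, FROM_EXIT_SIDE, cell, sizeof cell));
    return 0;
}
```

The third call returns the drop verdict because the circuit was already closed by the violation, which mirrors the point that a peer who has broken the protocol is not allowed to keep interacting.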


