[tor-relays] 90% of exits vulnerable to TCP off-path attack

starlight.2016q3 at binnacle.cx starlight.2016q3 at binnacle.cx
Fri Aug 12 23:52:35 UTC 2016


At 12:01 8/12/2016 -0400, Zack Weinberg wrote:
>Also, if you read the paper, raising the global rate limit (as
>suggested by the reg. article) doesn't help; it only slows the
>attacker down a little.

The paper indicates that a global counter limit other than
100 can be easily discovered.  However the recommended
mitigation effectively removes the global counter by setting
it to 10^9.  The described attack requires the counter
be exhausted inside the temporal bounds of one second and the
Internet as it exists today cannot support 10^9 probes on
that deadline.

IMO the recommended mitigation is effective and should
be applied by those believing RFC-5961-as-presently-
implemented changes worse than the weaknesses addressed
by the RFC.  I applied the mitigation.



More information about the tor-relays mailing list