[tor-relays] Network scan results for CVE-2016-5696 / RFC5961

Ivan Markin twim at riseup.net
Sat Dec 10 21:26:00 UTC 2016


pa011:
> Could you give some explanation please on the difference between:

> -lots of challenge ACKs
received exactly the same number of chacks as number of sent RSTs (fixed
kernel, sysctl workaround, ...)
> -one challenge ACK
received just one chack during this connection
> -two challenge ACKs
received one chack after first RST burst, another one after second burst
> -vulnerable
100chacks/s rate limit was hit twice
> -zero challenge
RFC5961 is not supported
> -multiple challenge ACKs
anything else, i.e. there are some random number of chacks received but
less than number of sent RSTs, probably rate-limited

Current (these) definitions are here [1]. But they are a subject of
change, because I'm trying to improve scanning method (separating
counters for each of bursts).

[1] https://github.com/nogoegst/grill/blob/master/verdict/verdict.go
--
Ivan Markin


More information about the tor-relays mailing list