[tor-relays] abuse email for non-exit relay (masergy)

[teor]

> On 22 Sep 2017, at 23:03, relay 000 <relay0 at mailbox.org> wrote:
> 
>> Someone is using the hidden service rendezvous protocol to ask non-exit
>> relays to scan non-tor IP addresses.
> 
> wow, people can misuse my *non*-exit relay to scan (aka send a TCP SYN packet) other systems on the internet?

Yes.

But please don't worry. Receiving unsolicited TCP connections is a
normal part of running a server on the Internet. And anyone who sends
unsolicited spammy emails in response lacks a sense of irony.

Here's how the Tor rendezvous protocol can be used like that:

People can pretend that they are a client or onion service that's
connected to a particular relay address.

And then they can ask your relay to extend to that pretend relay
address. There's no requirement that the relay is in the consensus that
your relay has. And so your relay tries to establish a TLS connection,
may or may not succeed, but definitely fails at the authentication step.

And then it tells the client it failed. Without providing much info at
all. So it's pretty useless, honestly.

The alternative would be to require that every relay used in the
rendezvous protocol is in the consensus. But which consensus?
* the consensus that the client has
* the consensus that the service has
* the consensus that the relay extending to the intro point has
* the consensus that the relay extending to the rend point has

It gets complicated fast.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170922/115c71f0/attachment-0001.sig>