[tor-relays] abuse email for non-exit relay (masergy)

Scott Bennett bennett at sdf.org
Sat Sep 23 06:03:47 UTC 2017 

teor <teor2345 at gmail.com> wrote:
>
> > On 22 Sep 2017, at 23:03, relay 000 <relay0 at mailbox.org> wrote:
> > 
> >> Someone is using the hidden service rendezvous protocol to ask non-exit
> >> relays to scan non-tor IP addresses.
> > 
> > wow, people can misuse my *non*-exit relay to scan (aka send a TCP SYN packet) other systems on the internet?
>
> Yes.
>
> But please don't worry. Receiving unsolicited TCP connections is a
> normal part of running a server on the Internet. And anyone who sends
> unsolicited spammy emails in response lacks a sense of irony.
>
> Here's how the Tor rendezvous protocol can be used like that:
>
> People can pretend that they are a client or onion service that's
> connected to a particular relay address.
>
> And then they can ask your relay to extend to that pretend relay
> address. There's no requirement that the relay is in the consensus that
> your relay has. And so your relay tries to establish a TLS connection,
> may or may not succeed, but definitely fails at the authentication step.
>
> And then it tells the client it failed. Without providing much info at
> all. So it's pretty useless, honestly.
>
> The alternative would be to require that every relay used in the
> rendezvous protocol is in the consensus. But which consensus?
> * the consensus that the client has
> * the consensus that the service has
> * the consensus that the relay extending to the intro point has
> * the consensus that the relay extending to the rend point has
>
> It gets complicated fast.
>
     There's another, more obvious reason, I think, than hidden services.
Consider what happens during relay startup.  The initializing relay attempts
to build a number of circuits that connect back to itself for reachability
and data rate testing, yet its descriptor may well not be in any relay's
cached-descriptor* files, much less in either consensus document.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

More information about the tor-relays mailing list