[tor-relays] Log warning : possible (zlib) compression bomb on middle relays
Sven Schmeling
sven.schmeling at schmeling-ol.de
Mon Nov 2 13:45:07 UTC 2020
Hello,
same here on my middle relay running 0.4.4.5:
...
Nov 02 05:20:48.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:20:48.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:20:48.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:21:49.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:21:49.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:22:48.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:22:49.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:22:49.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:23:49.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:23:49.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:23:49.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:23:49.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:23:49.000 [warn] Possible compression bomb; abandoning stream.
....
Regards
Am 02.11.20 um 11:05 schrieb Guinness:
> Hi all,
>
> We are at least 3 users running middle relays from 0.4.4.5 and after having
> some logs like those :
> ```
> Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
> Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream.
> ```
>
> I'm wondering if this is an attack or a new feature (haven't checked
> yet) but I'd like to know how many users are impacted.
>
> The interesting informations are :
> * Number of warnings
> * What kind of relay it is (middle, exit, entry)
>
> After your answers, I'll complete the issue I have opened on the bug
> tracker.
>
>
> Cheers,
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
More information about the tor-relays
mailing list