[tor-relays] Log warning : possible (zlib) compression bomb on middle relays

tor at uwu.lgbt tor at uwu.lgbt
Mon Nov 2 18:15:34 UTC 2020 

also saw this on my Tor exit dannydevito, but these messages only
appeared once in logs (UTC time)

Nov  2 04:21:44 <daemon.warn> dannydevito Tor: Possible zlib bomb;
abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito Tor: Possible compression
bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito syslogd: last message repeated
2 times
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible zlib bomb;
abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible compression
bomb; abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito syslogd: last message repeated
3 times

On 11/3/20 05:59, Christoph Graf wrote:
>
> Same here on my bridge:
>
> Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning
> stream.
> Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning
> stream.
>
> Time is UTC+1, nothing before and after
>
> Cheers, Christoph
>
> On 02.11.20 11:05, Guinness wrote:
>> Hi all,
>>
>> We are at least 3 users running middle relays from 0.4.4.5 and after having
>> some logs like those :
>> ```
>> Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
>> Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream.
>> Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream.
>> ```
>>
>> I'm wondering if this is an attack or a new feature (haven't checked
>> yet) but I'd like to know how many users are impacted.
>>
>> The interesting informations are :
>>  * Number of warnings
>>  * What kind of relay it is (middle, exit, entry)
>>
>> After your answers, I'll complete the issue I have opened on the bug
>> tracker.
>>
>>
>> Cheers,
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20201103/e5512323/attachment-0001.htm>

More information about the tor-relays mailing list