[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 'relay early' attack logging at the infrastructure level?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] 'relay early' attack logging at the infrastructure level?
From: Roger Dingledine <arma@xxxxxxx>
Date: Fri, 1 Aug 2014 17:43:38 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Aug 2014 17:43:51 -0400
In-reply-to: <53DC087E.5070104@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53DC087E.5070104@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Fri, Aug 01, 2014 at 09:37:02PM +0000, Nusenu wrote:
> > On July 30th, 2014 arma said: It will indeed kill circuits if it 
> > sees an inbound (towards the client) relay_early cell.
> > 
> > It doesn't have to decrypt the stream to see it, because whether a
> >  cell is relay or relay_early is a property of the (per hop) link, 
> > not a property of the (end-to-end) stream.
> 
> Does a patched relay also create a log entry as soon as it "kills" the
> circuit or is logging only happening on tor instances acting as clients?

The patched relay also does a log message, yes.

But the relay can only see its immediate neighbor in the circuit, so it
will only log that. Whether the attacking relay is that (adjacent) one,
or one farther on the circuit, isn't something your relay can learn.

--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] 'relay early' attack logging at the infrastructure level?
  - From: Nusenu

Prev by Author: [tor-talk] TorCitadel: Testers with RaspberryPi needed for torified network of mail/jabber servers
Next by Author: [tor-talk] (FWD) ISC Update: StoryMaker
Previous by thread: [tor-talk] 'relay early' attack logging at the infrastructure level?
Next by thread: [tor-talk] (FWD) ISC Update: StoryMaker
Index(es):
- Author
- Thread