[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Mixed pages - serious bug of tor



At first sight this appears to be an exit node problem but then, as I
read it, you say it occurs with more than one exit node and only at this
"higher" level of throughput.

I can repeat this problem (I could do it yesterday) by opening large amount of circuits between my computer and another exit nodes. Currently, I dont know, if take care, that I connected to many different exit nodes.

Alarm bells are ringing ... to mix streams up like this then streams at
the "higher" throughput would have to be unencrypted clear streams - yes?

I dont think so. I think it is problem on exit node, when he mix together two requests (or say better -responses), then encrypt them and send to clients.

It really looks like normal buffer overflow problem - I can see another responses, which are pending on exit node, but not for me.
 
This would mean that either all tor exits are vulnerable and are mixing
the streams. Or that traffic is being passed wholesale *-unencrypted-*
between nodes (so that nodes other than the exit nodes are doing the
mixing).

I dont think so, as I wrote above.

Sh*ttt.. whatever.. this is a major BUG.

Yes, it is. The worst is, that you dont need anything special to simulate this problem. What you need is two years old notebook and 256kbit upload on internet connection (my case).

Regards,
Marek