
Re: Mixed pages - serious bug of tor



slush wrote:

    At first sight this appears to be an exit node problem but then, as I
    read it, you say it occurs with more than one exit node and only at this
    "higher" level of throughput.


I can repeat this problem (I could do it yesterday) by opening a large number of circuits between my computer and other exit nodes. Currently, I don't know, if take care, that I connected to many different exit nodes.


OK, understood. I thought you had specified the Python code you were
using.. it appears to use multiple exits.

>>><snip>
>>for i in range(300):
>>    ctl.extend_circuit(0,["sabotage", 'tortila'])
>>    ctl.extend_circuit(0,["Bellum", 'tortila'])
>>    ctl.extend_circuit(0,['mwserver', 'gpfTOR4'])
>>    ctl.extend_circuit(0,['mwserver', 'charlesbabbage'])


You need to try to identify the rogue exit node (or nodes) so we can
exclude it from our circuit builds. It could be an overflow but it could
be deliberate tampering admixture (not altogether uncommon on tor - it
happens every now and then). Try running repeatedly through only one
exit node at a time until you find the problem one.



    Alarm bells are ringing ... to mix streams up like this then streams at
    the "higher" throughput would have to be unencrypted clear streams - yes?


I don't think so. I think it is a problem on the exit node, when it mixes together two requests (or, better said, responses), then encrypts them and sends them to clients.

It really looks like a normal buffer overflow problem - I can see other responses, which are pending on the exit node, but not for me.

Yes, but my point was it had to be admixture of the "clear" unencrypted
streams rather than encrypted streams, otherwise you would get garbage
out. Buffer overflow or not.


    This would mean that either all tor exits are vulnerable and are mixing
    the streams. Or that traffic is being passed wholesale *-unencrypted-*
    between nodes (so that nodes other than the exit nodes are doing the
    mixing).


I don't think so, as I wrote above.


Maybe, but I gave the only 2 options to consider, this defines the scope
of the problem not the probability..

    Sh*ttt.. whatever.. this is a major BUG.


Yes, it is. The worst is that you don't need anything special to simulate this problem. What you need is a two-year-old notebook and 256kbit upload on the internet connection (my case).

Regards,
Marek

I guess that many of my page requests (I'm on 4mb broadband with dual
processor) should be getting this kinda error, but I do not. I just see
it once in a while (maybe once every 200+ pages) and then I try to zap
the exit node if it occurs repeatedly. This makes me wonder why you are
getting it so often.
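
An added example, not part of the original message or of Tor's code: one way to turn the "one exit node at a time" advice above into a check that separates a faulty exit from a faulty earlier hop. It assumes two-hop circuits like those in the quoted snippet; the relay names and observations are constructed placeholders, and `pair_stats` and `suspect_relays` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed observations, not data from the thread. Each record is
# (entry relay, exit relay, body_ok); body_ok is False when the page
# received contained content belonging to some other request.
OBSERVATIONS = (
    [("entryA", "exitX", ok) for ok in (True, False, True, False, True)]
    + [("entryB", "exitX", ok) for ok in (False, True, True, False, True)]
    + [("entryC", "exitY", True)] * 5
    + [("entryC", "exitZ", True)] * 5
    + [("entryA", "exitY", True)] * 5
)


def pair_stats(observations):
    """Count (mixed, total) fetches for every (entry, exit) pair."""
    stats = defaultdict(lambda: [0, 0])
    for entry, exit_, body_ok in observations:
        stats[(entry, exit_)][0] += 0 if body_ok else 1
        stats[(entry, exit_)][1] += 1
    return {pair: tuple(counts) for pair, counts in stats.items()}


def suspect_relays(observations, min_partners=2):
    """Return relays whose circuits show mixing with every partner relay.

    A relay is only blamed when the mixing follows it across at least
    min_partners different partners; one bad pair alone cannot tell
    which end of the circuit is at fault.
    """
    partners = defaultdict(dict)  # (position, relay) -> {partner: mixed count}
    for (entry, exit_), (mixed, _total) in pair_stats(observations).items():
        partners[("entry", entry)][exit_] = mixed
        partners[("exit", exit_)][entry] = mixed
    return sorted(
        key for key, seen in partners.items()
        if len(seen) >= min_partners and all(m > 0 for m in seen.values())
    )


if __name__ == "__main__":
    for position, relay in suspect_relays(OBSERVATIONS):
        print(f"mixing follows {position} relay {relay}")
```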