
Re: [tor-bugs] #20212 [Applications/Tor Browser]: Tor can be forced to open too many circuits by embedding .onion resources



#20212: Tor can be forced to open too many circuits by embedding .onion resources
-------------------------------------------------+-------------------------
 Reporter:  gacar                                |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  guard-discovery,                     |  Actual Points:
  TorBrowserTeam201803                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Here is another attack from IRC arma: An attacker could also set up an
 onion address that redirects you to another onion address which redirects
 you to another onion address ad infinitum. This allows the attacker to
 cause `n` onion loads in series, and if each page has `k` onions, this
 allows the attacker to cause `n*k` onion loads. That's both an optimization
 and is also meant to work around any defences that try to restrict onion
 address loads per origin.

 Furthermore, depending on how stream isolation works, the above attack
 could also work with IPs/domain addresses and not just onions.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
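
The comment's point about per-origin restrictions can be checked with a small counting model. This is an added example, not code from the ticket or from Tor Browser; the hostnames, both limiter functions and the per-tab budget are hypothetical, and each page is assumed to load its embedded resources before redirecting.

```javascript
// Constructed model of the redirect chain: n pages, each embedding k onion
// resources and redirecting to the next page. All hostnames are placeholders.
function buildChain(n, k) {
  const pages = new Map();
  for (let i = 0; i < n; i++) {
    const embeds = [];
    for (let j = 0; j < k; j++) embeds.push(`res${i}-${j}.onion`);
    const next = i + 1 < n ? `page${i + 1}.onion` : null;
    pages.set(`page${i}.onion`, { embeds, next });
  }
  return pages;
}

// Hypothetical policy A: at most `cap` embedded onion loads per embedding origin.
function perOriginLimiter(cap) {
  const counts = new Map();
  return (origin) => {
    const used = counts.get(origin) || 0;
    if (used >= cap) return false;
    counts.set(origin, used + 1);
    return true;
  };
}

// Hypothetical policy B: one budget per tab that is NOT reset by a redirect.
function perTabLimiter(budget) {
  let used = 0;
  return () => {
    if (used >= budget) return false;
    used += 1;
    return true;
  };
}

// Follow the chain from `start`, counting the embedded loads the policy admits.
function simulate(pages, start, allow) {
  let loads = 0;
  for (let host = start; host; host = pages.get(host).next) {
    for (const res of pages.get(host).embeds) {
      if (allow(host, res)) loads += 1;
    }
  }
  return loads;
}

const chain = buildChain(5, 10); // n = 5 redirects, k = 10 embeds per page
console.log("no limit:        ", simulate(chain, "page0.onion", () => true));
console.log("per-origin cap 3:", simulate(chain, "page0.onion", perOriginLimiter(3)));
console.log("per-tab budget 3:", simulate(chain, "page0.onion", perTabLimiter(3)));
```

Under the per-origin cap the total still grows linearly with the chain length `n`, because every redirect hop is a fresh origin with a fresh counter; only a counter that is carried across redirects bounds it.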