[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
Reporter: arma | Owner: asn
Type: defect | Status:
| merge_ready
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, tor-dos, network-team- | Actual Points: 6
roadmap-august, security, 042-should |
Parent ID: #29999 | Points: 7
Reviewer: dgoulet | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by arma):
Replying to [comment:33 arma]:
> The impact is a bit subtle/indirect, but it would for example allow
attacks where later you discover which rendezvous point a given
introduction attempt used.
For example, you could do this discovery by roving around the network
looking at relays and seeing if they receive the burst of rendezvous
attempts. Or you could run some fast inconsistent (i.e. not Guard) relays
and get chosen sometimes as the hop before the rendezvous cell, and since
our design doesn't use 'rendezvous guards', over time you become confident
that the rendezvous point is the one receiving the connections more often
than baseline.
If the intro point can guess what onion service it's an intro point for,
it can look up the descriptor, discover the ephemeral key for its intro
point, and do introductions itself. So the original goal was that if it
*doesn't* know what onion service it's introducing to, it can't cause the
onion service to make any circuits.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs