[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] 'relay early' attack detection at the infrastructure level

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
From: Roger Dingledine <arma@xxxxxxx>
Date: Fri, 1 Aug 2014 23:48:50 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Aug 2014 23:49:02 -0400
In-reply-to: <53DC4829.6040109@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <53DC087E.5070104@xxxxxxxxxxxxx> <20140801214338.GG8819@xxxxxxxxxxxxxx> <53DC1B7A.7020304@xxxxxxxxxxxxx> <53DC4829.6040109@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Fri, Aug 01, 2014 at 10:08:41PM -0400, krishna e bera wrote:
> According to
> 
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
> 
> the RELAY_EARLY cell has common legitimate uses.
> How can we distinguish an attack from those?

Correctly-behaving Tor relays never send RELAY_CELL cells backwards
(towards the client) on the circuit.

So if you see one, it's somebody not following the protocol.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Zenaan Harkness

References:
- [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Nusenu
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: krishna e bera

Prev by Author: [tor-relays] New router, new IP address
Next by Author: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
Previous by thread: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
Next by thread: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
Index(es):
- Author
- Thread