[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] 'relay early' attack detection at the infrastructure level



On 8/2/14, Roger Dingledine <arma@xxxxxxx> wrote:
> On Fri, Aug 01, 2014 at 10:08:41PM -0400, krishna e bera wrote:
>> According to
>>
>> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
>>
>> the RELAY_EARLY cell has common legitimate uses.
>> How can we distinguish an attack from those?
>
> Correctly-behaving Tor relays never send RELAY_CELL cells backwards
> (towards the client) on the circuit.
>
> So if you see one, it's somebody not following the protocol.

Might be a stupid question sorry, but why not just block such
relay-early packets coming in the wrong direction?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays