[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] 'relay early' attack detection at the infrastructure level

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
From: Zenaan Harkness <zen@xxxxxxxxxxxx>
Date: Sat, 2 Aug 2014 16:14:41 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Aug 2014 02:14:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=6bTrLF9aZNitLAUim/WTRstVICk3p8/gJz6yRU6fgdE=; b=htyww30jIEj33RWxGcflw/9mv9CPFpGbY4+3Lhha90lL5iXAVoO6AlTuHY+pCWQFHv aPfGurjVzfuhlLzuw20aImNOouyOFDz1cs4M8rd7//OPFiEWcD+XX5S0jbtbd74LWMBb Giuc6Pl4GIpcS5Eh8n57nbPRonNHhmtWFt8C+27DJcdwr8geeYNxE/5hxMIuarzJg+Fd mRZCwKf1oO82++lYMtBtRUGr7sMYHsFIH8Ssxf+6X0GJ3dOXTerin0t/EGIrH2rpPxu8 hkGV+uqs3+uhlLUvIKTBRVIuqph87fYmzAl4EQ6O4ugRTXropyCLcd4FdFGOJ0b4g5UZ 42Tw==
In-reply-to: <20140802054911.GJ8819@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <53DC087E.5070104@xxxxxxxxxxxxx> <20140801214338.GG8819@xxxxxxxxxxxxxx> <53DC1B7A.7020304@xxxxxxxxxxxxx> <53DC4829.6040109@xxxxxxxxxxxxxx> <20140802034850.GH8819@xxxxxxxxxxxxxx> <CAOsGNSSRnVBRzh7ekpGVXcNDOwmRTVwwAQVLxovoUBA=jCHO_g@xxxxxxxxxxxxxx> <20140802054911.GJ8819@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 8/2/14, Roger Dingledine <arma@xxxxxxx> wrote:
> On Sat, Aug 02, 2014 at 03:38:51PM +1000, Zenaan Harkness wrote:
>> >> the RELAY_EARLY cell has common legitimate uses.
>> >> How can we distinguish an attack from those?
>> >
>> > Correctly-behaving Tor relays never send RELAY_CELL cells backwards
>> > (towards the client) on the circuit.
>
> Gah. I should have written RELAY_EARLY above. Sorry for the confusion.
>
>> > So if you see one, it's somebody not following the protocol.
>>
>> Might be a stupid question sorry, but why not just block such
>> relay-early packets coming in the wrong direction?
>
> New relays do block them. Actually they close the circuit and warn,
> since once somebody has violated the protocol like this, it's unwise to
> let them continue interacting with you.
>
> Or is that what you meant?

ACK. Thanks.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Nusenu
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: krishna e bera
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Roger Dingledine
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Zenaan Harkness
- Re: [tor-relays] 'relay early' attack detection at the infrastructure level
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
Previous by thread: Re: [tor-relays] 'relay early' attack detection at the infrastructure level
Next by thread: [tor-relays] Learn Linux free for beginners
Index(es):
- Author
- Thread