[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack
From: Zack Weinberg <zackw@xxxxxxx>
Date: Fri, 12 Aug 2016 12:01:03 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 12 Aug 2016 17:33:26 -0400
In-reply-to: <6.2.5.6.2.20160812112453.047ff388@example.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6.2.5.6.2.20160812112453.047ff388@example.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Aug 12, 2016 at 11:27 AM,  <starlight.2016q3@xxxxxxxxxxx> wrote:
> RFC-5961
> CVE-2016-5696
> http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/
> FYI all

Tor's use of TLS _should_ mean that the worst an attacker can do here
is denial-of-service.  The Register article suggests that they might
also be able to force the use of specific exit relays (by disrupting
connections that don't go through those relays) but weaponizing that
against specific users (rather than everyone trying to use an exit the
attacker doesn't like) strikes me as nontrivial.

Also, if you read the paper, raising the global rate limit (as
suggested by the reg. article) doesn't help; it only slows the
attacker down a little.

Right now I think one should not panic and should wait for the kernel
people to do a proper fix.

zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack
  - From: isis agora lovecruft
- Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack
  - From: Roger Dingledine

References:
- [tor-relays] 90% of exits vulnerable to TCP off-path attack
  - From: starlight . 2016q3

Prev by Author: Re: [tor-relays] How to exclude a CDN ?
Next by Author: [tor-relays] Tiny computers (RPi-like) for exit nodes?
Previous by thread: [tor-relays] 90% of exits vulnerable to TCP off-path attack
Next by thread: Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack
Index(es):
- Author
- Thread