[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] «Possible compression bomb» from Authority?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] «Possible compression bomb» from Authority?
From: trinity pointard <trinity.pointard@xxxxxxxxx>
Date: Thu, 8 Jun 2023 00:26:18 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 07 Jun 2023 18:27:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686176815; x=1688768815; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=2h0E+6ULBtkx7qC/6KTJ42leSbwO5ekkpKRHQPM7KR0=; b=DZDkKYua4wM8TPEstZjFDhb4sGXH483hSFzYioPaF6+NfZvP5W1SVZyQHjSA3JZqPZ bwoep8Z05zajm/LUpvdaH2/8tJ5sxgT5DG7sqXmvv0pnoxjZvxLlStL+Z/IHubwbcghz rN5EQIbv21QPOzUxal4RFeb0At+oW1+HjsL6zJilnUfc+8f1Y+uKnfTTY4qK8e32Efss wFYHndz2z/4MqbkzvGavegDobVqIjjp5xUYPeRjgN3Q4cj5yvjawTQjtdZkw96GME7R0 iRiJvrIYRIhL1+ognN4mdZ8ZnBvXGqVmbk+rENxc8+mHhAhxEjrXV3KUwQU6IVL1HeHB COTw==
In-reply-to: <20230607180244.00000a50@quantentunnel.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <fd301f03-accc-47a7-8a29-e402cbce5eeb@posteo.de> <20230607180244.00000a50@quantentunnel.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

I get these warnings from time to time too. I believe they are rather
benign, though I wonder how a document with a 25:1 compression ratio
can happen in practice.

> Interestingly it's the dirport that
> ie requested. I thought the dirport is no longer in use - do the
> authorities still offer it?

Authorities still provide a dirport, and relays are supposed to use it
over a tunneled directory request. I believe some authority operators
put varnish (or some other caching reverse-proxy) in front of their
dirport, to limit the load of serving those files. At the very least,
it reduces the amount of crypto required (none vs an OR connection),
for data which is already public and signed anyway.

On Wed, 7 Jun 2023 at 18:03, Felix <zwiebel@xxxxxxxxxxxxxxxx> wrote:
>
> Hi
>
> > Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning
> > stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body
> > (tried Zstandard compressed, on Directory connection (client reading)
> > with 199.58.81.140:80).
>
> We see the compression bomb warning from time to time
>
> The address seems to be longclaw. Interestingly it's the dirport that
> ie requested. I thought the dirport is no longer in use - do the
> authorities still offer it?
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] «Possible compression bomb» from Authority?
  - From: Tschador
- Re: [tor-relays] «Possible compression bomb» from Authority?
  - From: Felix

Prev by Author: Re: [tor-relays] Comcast blocks ALL traffic with tor relays
Next by Author: [tor-relays] «Possible compression bomb» from Authority?
Previous by thread: Re: [tor-relays] «Possible compression bomb» from Authority?
Next by thread: [tor-relays] Providing metrics relevant to relay operators
Index(es):
- Author
- Thread