[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 19 Aug 2019 15:46:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 19 Aug 2019 11:46:18 -0400
In-reply-to: <044.c7d910558f32eb62da3b64e32712b8c8@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.c7d910558f32eb62da3b64e32712b8c8@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-dos, network-team-       |  Actual Points:  6
  roadmap-august                                 |
Parent ID:  #29999                               |         Points:  7
 Reviewer:  dgoulet                              |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:28 nickm]:
 > IIRC, the problem would be if an attacker found an introduce cell that
 they were very interested in, and replayed it a lot in order to see which
 rendezvous point got a bunch of retries.

 Hm, I'd like some more help with understanding this attack. The replay
 cache refactored by this ticket is the one that protects against replays
 from the intro point. So assuming that a malicious intro can now do
 replays, how does it also have visibility on which rendezvous point gets
 the retries? And how does the knowledge of retry help the attacker get
 information about the client or the service?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #31559 [Core Tor/Tor]: test-timers fail on maint-0.2.9
Next by Author: Re: [tor-bugs] #31356 [Core Tor/Tor]: 0.4.1 relays should list Padding=2
Previous by thread: Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
Next by thread: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #31320, #31319
Index(es):
- Author
- Thread