
[tor-relays] Re: Fwd: Potential vulnerability found in your Tor Relay



Hello.

krishna e bera wrote:
> Is the stated vulnerability an actively exploited problem or is this
> a DoS attack by scaremongering?

My guess is it is neither. I would bet that it's just some over-excited
researchers who want to get the news out about just how awful BGP is.
But, while it is "exploitable", there's not much that can be done with
it. All an attacker could do is cause the connections destined for your
relay to go to their servers instead. But crucially, they do not have
your relay key, so all other relays and clients would refuse to connect
to them.

I suppose it could be used in combination with a guard discovery attack
to deanonymize a small set of people if the attacker does not have any
access between you and the targets (and cannot buy NetFlow logs, etc.).
They could perform BGP hijacking then monitor which IPs are trying to
connect to them to discover if they are users of your guard. Such an
attack is very noisy and would not go unnoticed for long.

Think of it like a remote denial of service attack where the attackers
are also able to see who is getting denied.

> I have turned off the Guard capability for now.

You don't have to turn it off. It's still helpful to the network.

Regards,
forest
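
The reply above calls a BGP hijack of a relay's address "very noisy". As an added example (not part of the original message), here is one way a relay operator could watch route announcements for it. The relay IP, prefix, AS numbers and the `prefix|AS path` feed format are all constructed for illustration and use documentation-reserved ranges.

```python
import ipaddress

# Constructed values: documentation prefix and documentation-range ASNs.
RELAY_IP = ipaddress.ip_address("192.0.2.77")
EXPECTED_PREFIX = ipaddress.ip_network("192.0.2.0/24")
EXPECTED_ORIGIN = 64500

# Constructed feed, one "prefix|AS path" per line (hypothetical format).
SAMPLE_FEED = """\
192.0.2.0/24|64510 64505 64500
198.51.100.0/24|64510 64499
192.0.2.0/24|64511 64496
192.0.2.64/26|64510 64496
192.0.2.0/25|64510 64505 64500
"""

def parse_line(line):
    """Return (announced prefix, origin AS); the origin is the last AS in the path."""
    prefix, path = line.strip().split("|")
    asns = [int(a) for a in path.split()]
    return ipaddress.ip_network(prefix), asns[-1]

def classify(prefix, origin):
    """Return an alert reason, or None if the route is expected or unrelated."""
    if RELAY_IP not in prefix:
        return None  # announcement does not cover the relay's address
    if origin != EXPECTED_ORIGIN:
        # A longer prefix wins route selection, so it is the more serious case.
        if prefix.prefixlen > EXPECTED_PREFIX.prefixlen:
            return "more-specific from unexpected origin"
        return "unexpected origin"
    if prefix != EXPECTED_PREFIX:
        return "unexpected prefix length from expected origin"
    return None

def scan(feed):
    """Collect (prefix, origin, reason) for every suspicious announcement."""
    alerts = []
    for line in feed.splitlines():
        if not line.strip():
            continue
        prefix, origin = parse_line(line)
        reason = classify(prefix, origin)
        if reason:
            alerts.append((str(prefix), origin, reason))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_FEED):
        print(alert)
```
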