[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] 'relay early' attack logging at the infrastructure level?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] 'relay early' attack logging at the infrastructure level?
From: Nusenu <BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES@xxxxxxxxxxxxx>
Date: Fri, 01 Aug 2014 21:37:02 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Aug 2014 17:37:20 -0400
Dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail; c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=IkqZgnXyZbsgJB8mhabHDSJi//9/20wb8J2/UHq/yTA=; b=YfHngDV2FtCwXdPhrl3eGgYk8Gx+dXab7161JN4jG5kdBE3x2jDbZpYOrpGAMIirjW1QP0GIWCp3X0bIhq+2cBtOWu3fh5gD+UVQ43hDB8p2jDN8XUyp2vkenyClRzhUZqs6reF056tSxv3B9OCRSdaWM0H39piQpxr2039rDfc=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

quoting from [1]

> On July 30th, 2014 Anonymous said: Suppose my relay is running 
> 0.2.4.23, and suppose it's the middle hop between adversary's guard
>  node and adversary's hidden service directory. Will it kill
> circuits sending relay_early cells backwards? Or is that
> impossible, since it doesn't have the keys to decrypt that stream?
> 
> 
> On July 30th, 2014 arma said: It will indeed kill circuits if it 
> sees an inbound (towards the client) relay_early cell.
> 
> It doesn't have to decrypt the stream to see it, because whether a
>  cell is relay or relay_early is a property of the (per hop) link, 
> not a property of the (end-to-end) stream.

Does a patched relay also create a log entry as soon as it "kills" the
circuit or is logging only happening on tor instances acting as clients?



[1]
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack#comment-66769
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT3Ah+AAoJEDcK3SCCSvoeCG0QAIOSP+nM5C3hWie9i6FCtMuh
KDSXiLIfKPXCYQBaApmRuxBeoDeKI64s34x78nfpsx6t4UsqGsjIs7LcHWmJmQyR
dwAf+Vy1OAOp5tlu8bH0iXM7HBN+gVpBJjhglODAQYaPPIThMo1agNsz73Xzo8YT
Y5BTOgNmkFXsQksrDrUH7Uftd3BSxcIGyX1frW7KANy+rgrTLY/8sSWR3OqhiKoB
nOQX6lXxay3D04WT+d3AJe1UPGdGlMOe3rMAnbYuKldC9k7YtdLT+lwxTDhP46VP
2weCEJU792Y7WFxC92ShjdfNbZuymXaG38Gt2wUOoP2gUAZmOQdQJOG9NCa7RixO
sL67lDYPZDwi3wWYFYmHjuMiKD/lPtnrbYeeeurB4bUgpkFMJc1HE6+tGaQopxcW
27PRY6sJ54Jb2UM51qYKBlEkhRbWcxmm9YCjlnv9fv7LChBfmsVvW21oTPy71PUP
GOnjDDtaGx4Z13ID/eQrt5490m4lOV3mMbKcJ+A1ZPblPEZM797UpWxZdxVfBv9y
Teh8J9txKxZj6wnRGOxanLd103RIjhqN0m9Onc/ngD0BPKez+JXWlssSpQKDvH8L
ce0Yyyl+WKW9Ua8xRLvQM0NnuiY/Artc6kMIMu4Wc6fEgcgFa6PTihy7SwEg3Ekh
UP30c8uS6W+HOrfqp93I
=M7TC
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] 'relay early' attack logging at the infrastructure level?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] Why make bad-relays a closed mailing list?
Next by Author: [tor-talk] BadDirectory flag in regard to HSDir
Previous by thread: [tor-talk] Is there an accepted doling rate for the size or bandwidth of the Tor network?
Next by thread: Re: [tor-talk] 'relay early' attack logging at the infrastructure level?
Index(es):
- Author
- Thread