[tor-bugs] #8670 [EFF-HTTPS Everywhere]: SSL Observatory request flood (Firefox)
#8670: SSL Observatory request flood (Firefox)
----------------------------------+-----------------------------------------
Reporter: karukoff | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version: HTTPS-E 3.1.4
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
I am using HTTPS Everywhere 3.1.4 and Firefox 20.0 under Linux. While
browsing, I noticed that my browsing suddenly got really slow. All
websites would resolve, but data transfer was really slow or stalled
altogether, so no pages would finish loading.
I checked tcpdump to see what was going on, and this is what I saw
(snippet, goes on like this for as long as tcpdump was running):
`19:27:45.224467 IP 192.168.1.65.53664 > 64.147.188.18.443: Flags [S], seq
814724169, win 14600, options [mss 1460,sackOK,TS val 2193005 ecr
0,nop,wscale 7], length 0
19:27:45.307799 IP 192.168.1.65.53647 > 64.147.188.18.443: Flags [S], seq
298083676, win 14600, options [mss 1460,sackOK,TS val 2193030 ecr
0,nop,wscale 7], length 0
19:27:45.394473 IP 192.168.1.65.53595 > 64.147.188.18.443: Flags [S], seq
3914974079, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394487 IP 192.168.1.65.53596 > 64.147.188.18.443: Flags [S], seq
1679001607, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394492 IP 192.168.1.65.53597 > 64.147.188.18.443: Flags [S], seq
3842378412, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394495 IP 192.168.1.65.53598 > 64.147.188.18.443: Flags [S], seq
3268035818, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394499 IP 192.168.1.65.53599 > 64.147.188.18.443: Flags [S], seq
2288422783, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394503 IP 192.168.1.65.53600 > 64.147.188.18.443: Flags [S], seq
1924775660, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.437796 IP 192.168.1.65.53665 > 64.147.188.18.443: Flags [S], seq
298888272, win 14600, options [mss 1460,sackOK,TS val 2193069 ecr
0,nop,wscale 7], length 0
19:27:45.474461 IP 192.168.1.65.53633 > 64.147.188.18.443: Flags [S], seq
1715559767, win 14600, options [mss 1460,sackOK,TS val 2193080 ecr
0,nop,wscale 7], length 0
19:27:45.474469 IP 192.168.1.65.53634 > 64.147.188.18.443: Flags [S], seq
1860803928, win 14600, options [mss 1460,sackOK,TS val 2193080 ecr
0,nop,wscale 7], length 0
19:27:45.474472 IP 192.168.1.65.53635 > 64.147.188.18.443: Flags [S], seq
1134654807, win 14600, options [mss 1460,sackOK,TS val 2193080 ecr
0,nop,wscale 7], length 0
19:27:45.474475 IP 192.168.1.65.53636 > 64.147.188.18.443: Flags [S], seq
2496139043, win 14600, options [mss 1460,sackOK,TS val 2193080 ecr
0,nop,wscale 7], length 0
19:27:45.474478 IP 192.168.1.65.53637 > 64.147.188.18.443: Flags [S], seq
52809697, win 14600, options [mss 1460,sackOK,TS val 2193080 ecr
0,nop,wscale 7], length 0
19:27:45.487795 IP 192.168.1.65.53638 > 64.147.188.18.443: Flags [S], seq
1193905635, win 14600, options [mss 1460,sackOK,TS val 2193084 ecr
0,nop,wscale 7], length 0
19:27:45.521130 IP 192.168.1.65.53648 > 64.147.188.18.443: Flags [S], seq
2435494456, win 14600, options [mss 1460,sackOK,TS val 2193094 ecr
0,nop,wscale 7], length 0
19:27:45.521137 IP 192.168.1.65.53649 > 64.147.188.18.443: Flags [S], seq
1076454250, win 14600, options [mss 1460,sackOK,TS val 2193094 ecr
0,nop,wscale 7], length 0
19:27:45.521140 IP 192.168.1.65.53650 > 64.147.188.18.443: Flags [S], seq
4273166310, win 14600, options [mss 1460,sackOK,TS val 2193094 ecr
0,nop,wscale 7], length 0
19:27:45.521142 IP 192.168.1.65.53651 > 64.147.188.18.443: Flags [S], seq
2238779580, win 14600, options [mss 1460,sackOK,TS val 2193094 ecr
0,nop,wscale 7], length 0
19:27:45.821142 IP 192.168.1.65.53601 > 64.147.188.18.443: Flags [S], seq
1218150538, win 14600, options [mss 1460,sackOK,TS val 2193184 ecr
0,nop,wscale 7], length 0
19:27:45.821157 IP 192.168.1.65.53602 > 64.147.188.18.443: Flags [S], seq
1564399171, win 14600, options [mss 1460,sackOK,TS val 2193184 ecr
0,nop,wscale 7], length 0
19:27:45.874464 IP 192.168.1.65.53535 > 64.147.188.18.443: Flags [S], seq
3871568603, win 14600, options [mss 1460,sackOK,TS val 2193200 ecr
0,nop,wscale 7], length 0
19:27:45.874474 IP 192.168.1.65.53536 > 64.147.188.18.443: Flags [S], seq
1200317769, win 14600, options [mss 1460,sackOK,TS val 2193200 ecr
0,nop,wscale 7], length 0
19:27:45.874477 IP 192.168.1.65.53537 > 64.147.188.18.443: Flags [S], seq
1066099685, win 14600, options [mss 1460,sackOK,TS val 2193200 ecr
0,nop,wscale 7], length 0
19:27:45.874480 IP 192.168.1.65.53538 > 64.147.188.18.443: Flags [S], seq
103573693, win 14600, options [mss 1460,sackOK,TS val 2193200 ecr
0,nop,wscale 7], length 0
19:27:45.874484 IP 192.168.1.65.53539 > 64.147.188.18.443: Flags [S], seq
2863165172, win 14600, options [mss 1460,sackOK,TS val 2193200 ecr
0,nop,wscale 7], length 0
19:27:45.927809 IP 192.168.1.65.53378 > 64.147.188.18.443: Flags [S], seq
1443651518, win 14600, options [mss 1460,sackOK,TS val 2193216 ecr
0,nop,wscale 7], length 0
19:27:46.077795 IP 192.168.1.65.53666 > 64.147.188.18.443: Flags [S], seq
3852535012, win 14600, options [mss 1460,sackOK,TS val 2193261 ecr
0,nop,wscale 7], length 0
19:27:46.077804 IP 192.168.1.65.53668 > 64.147.188.18.443: Flags [S], seq
566989182, win 14600, options [mss 1460,sackOK,TS val 2193261 ecr
0,nop,wscale 7], length 0
19:27:46.077807 IP 192.168.1.65.53669 > 64.147.188.18.443: Flags [S], seq
3777578631, win 14600, options [mss 1460,sackOK,TS val 2193261 ecr
0,nop,wscale 7], length 0
19:27:46.114462 IP 192.168.1.65.53639 > 64.147.188.18.443: Flags [S], seq
2001028625, win 14600, options [mss 1460,sackOK,TS val 2193272 ecr
0,nop,wscale 7], length 0
19:27:46.161132 IP 192.168.1.65.53652 > 64.147.188.18.443: Flags [S], seq
2738092749, win 14600, options [mss 1460,sackOK,TS val 2193286 ecr
0,nop,wscale 7], length 0
19:27:46.161140 IP 192.168.1.65.53653 > 64.147.188.18.443: Flags [S], seq
3553154323, win 14600, options [mss 1460,sackOK,TS val 2193286 ecr
0,nop,wscale 7], length 0
19:27:46.327796 IP 192.168.1.65.53640 > 64.147.188.18.443: Flags [S], seq
3162972276, win 14600, options [mss 1460,sackOK,TS val 2193336 ecr
0,nop,wscale 7], length 0
19:27:46.354904 IP 192.168.1.65.53670 > 64.147.188.18.443: Flags [S], seq
2952496245, win 14600, options [mss 1460,sackOK,TS val 2193344 ecr
0,nop,wscale 7], length 0
19:27:46.374464 IP 192.168.1.65.53654 > 64.147.188.18.443: Flags [S], seq
3991905334, win 14600, options [mss 1460,sackOK,TS val 2193350 ecr
0,nop,wscale 7], length 0
19:27:46.374473 IP 192.168.1.65.53655 > 64.147.188.18.443: Flags [S], seq
634040360, win 14600, options [mss 1460,sackOK,TS val 2193350 ecr
0,nop,wscale 7], length 0
19:27:46.374477 IP 192.168.1.65.53656 > 64.147.188.18.443: Flags [S], seq
4200584575, win 14600, options [mss 1460,sackOK,TS val 2193350 ecr
0,nop,wscale 7], length 0
19:27:46.567805 IP 192.168.1.65.53379 > 64.147.188.18.443: Flags [S], seq
1734267859, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567819 IP 192.168.1.65.53380 > 64.147.188.18.443: Flags [S], seq
2166714112, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567823 IP 192.168.1.65.53381 > 64.147.188.18.443: Flags [S], seq
1752055028, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567827 IP 192.168.1.65.53382 > 64.147.188.18.443: Flags [S], seq
3208704690, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567831 IP 192.168.1.65.53383 > 64.147.188.18.443: Flags [S], seq
1871889640, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567834 IP 192.168.1.65.53384 > 64.147.188.18.443: Flags [S], seq
1176559303, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.567838 IP 192.168.1.65.53385 > 64.147.188.18.443: Flags [S], seq
542685111, win 14600, options [mss 1460,sackOK,TS val 2193408 ecr
0,nop,wscale 7], length 0
19:27:46.587798 IP 192.168.1.65.53657 > 64.147.188.18.443: Flags [S], seq
1126902578, win 14600, options [mss 1460,sackOK,TS val 2193414 ecr
0,nop,wscale 7], length 0
19:27:46.587808 IP 192.168.1.65.53658 > 64.147.188.18.443: Flags [S], seq
2926788370, win 14600, options [mss 1460,sackOK,TS val 2193414 ecr
0,nop,wscale 7], length 0`
What is basically happening is that my IP (192.168.1.65) is sending TCP
SYN packets at a very high rate (~35 req/sec) to 64.147.188.18
(observatory6.eff.org) port 443 (HTTPS), probably depleting Firefox's
resources and making browsing impossible. I suspect this is some sort of a
software bug / infinite loop scenario within the SSL Observatory
component.
I disabled HTTPS Everywhere and restarted Firefox, which stopped the flood
and all websites started loading normally again. Then, I re-enabled HTTPS
Everywhere and again restarted Firefox, and now it's again working fine
without flooding or anything. Moreover, I can't reproduce the situation
that led to the flood even if I tried re-visiting the websites I think I
was visiting before the flood happened.
Possible(?) problem pointer:
* I am using another add-on called
[https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/ FoxyProxy]
to enable retrieving Tor
Hidden Services (pattern: *.onion/*) through a Tor SOCKS proxy (I know
this is not a fully secure setup). I am NOT using Torbutton or other Tor-
related add-ons. Just before the flood happened, I was trying to browse a
.onion service. This MIGHT have something to do with the flood, but I
don't think the .onion service was using HTTPS, though I can not be
absolutely sure. I have never seen a .onion service use HTTPS, because it
is a redundant form of encryption for them AFAIK.
Above timestamps correlate to UTC 16:27:45/46 on 9 April, 2013. Public IP
address available if needed.
---
My SSL Observatory settings:
[x] Use the Observatory?
[x] Check certificates even if Tor is not available (the other radio
option is unselectable/disabled)
[x] When you see a new cert, tell the Observatory which ISP you are
connected to
[ ] Submit and check self-signed certs
[x] Submit and check certs signed by non-standard root CAs
[ ] Submit and check certs for non-public DNS names
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8670>
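
The per-destination SYN rate the report estimates by eye can be computed directly from tcpdump text output. The following is an added example, not part of the original report or of HTTPS Everywhere; it uses the first four records of the capture above in their mail-wrapped form, and the `min_rate` threshold parameter is a hypothetical knob chosen for illustration.

```python
import re
from collections import defaultdict

# First four records of the capture in the report above, kept in the
# mail-wrapped form (one packet spread over three lines).
SAMPLE = """\
19:27:45.224467 IP 192.168.1.65.53664 > 64.147.188.18.443: Flags [S], seq
814724169, win 14600, options [mss 1460,sackOK,TS val 2193005 ecr
0,nop,wscale 7], length 0
19:27:45.307799 IP 192.168.1.65.53647 > 64.147.188.18.443: Flags [S], seq
298083676, win 14600, options [mss 1460,sackOK,TS val 2193030 ecr
0,nop,wscale 7], length 0
19:27:45.394473 IP 192.168.1.65.53595 > 64.147.188.18.443: Flags [S], seq
3914974079, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
19:27:45.394487 IP 192.168.1.65.53596 > 64.147.188.18.443: Flags [S], seq
1679001607, win 14600, options [mss 1460,sackOK,TS val 2193056 ecr
0,nop,wscale 7], length 0
"""

# Pure SYN only: "[S]," matches, "[S.]," (SYN-ACK) does not.
REC = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\],")

def unwrap(text):
    """Rejoin wrapped records; a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if re.match(r"\d\d:\d\d:\d\d\.\d+ IP ", line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records

def syn_rates(text, min_rate=0.0):
    """Map (src, dst, dport) -> (SYN count, distinct source ports, SYN/s)."""
    seen = defaultdict(list)
    for rec in unwrap(text):
        m = REC.match(rec)
        if m:
            h, mi, s, src, sport, dst, dport = m.groups()
            t = int(h) * 3600 + int(mi) * 60 + float(s)
            seen[(src, dst, int(dport))].append((t, int(sport)))
    out = {}
    for key, pkts in seen.items():
        span = max(t for t, _ in pkts) - min(t for t, _ in pkts)
        rate = len(pkts) / span if span > 0 else float(len(pkts))
        if rate >= min_rate:  # min_rate: hypothetical alert threshold
            out[key] = (len(pkts), len({p for _, p in pkts}), rate)
    return out
```

Comparing the SYN count with the number of distinct source ports separates new connection attempts from retransmissions of the same SYN, which a raw packet rate alone does not show.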