[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address

Subject: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 16 Dec 2015 03:11:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 Dec 2015 22:11:53 -0500
In-reply-to: <042.cf38fa0cbd3e68add0dfb4a7314d6521@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.cf38fa0cbd3e68add0dfb4a7314d6521@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17782: Relays may publish descriptors with incorrect IP address
--------------------+------------------------------------
 Reporter:  fk      |          Owner:
     Type:  defect  |         Status:  new
 Priority:  High    |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Major   |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:  #17811  |         Points:
  Sponsor:          |
--------------------+------------------------------------
Changes (by teor):

 * parent:   => #17811


Comment:

 Replying to [comment:4 teor]:
 > In #17850, the following mitigation was suggested:
 > "Maybe a NATed OR should self-test its reachability before advertising
 the new IP address."
 >
 > I wonder if this would be a DoS risk because it takes relays off the
 network, but having them provide descriptors with the wrong address does
 that anyway.

 If we're going to do this, we should check:
 * IPv4 ORPort reachability
 * IPv4 DirPort reachability

 (See #6939 for IPv6 reachability tests. If we ever discover our own IPv6
 address (#5940), we should also make sure we re-do IPv6 reachability tests
 before republishing the descriptor.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17782#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #6939 [Tor]: Missing IPv6 ORPort reachability check
Next by Author: Re: [tor-bugs] #16961 [Atlas]: Switch from displaying "family" field to new "alleged_family" and "effective_family" fields
Previous by thread: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Next by thread: Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
Index(es):
- Author
- Thread