[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4581 [Tor]: Dir auths should defend themselves from too many begindir requests per address

Subject: Re: [tor-bugs] #4581 [Tor]: Dir auths should defend themselves from too many begindir requests per address
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 01 Jun 2015 16:07:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Jun 2015 12:07:37 -0400
In-reply-to: <044.d0fd424a1666b13c134b38cc933efb45@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.d0fd424a1666b13c134b38cc933efb45@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#4581: Dir auths should defend themselves from too many begindir requests per
address
-------------------------+-------------------------------------------------
     Reporter:  arma     |      Owner:  andrea
         Type:  defect   |     Status:  assigned
     Priority:  major    |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor      |    Version:  Tor: 0.2.7
   Resolution:           |   Keywords:  maybe-proposal, tor-auth,
Actual Points:           |  027-triaged-1-in, SponsorU
       Points:  medium   |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by andrea):

 So, I think the right place to add this check is in
 connection_exit_connect_dir() or immediately up its call chain.  It's easy
 enough to make this fail on the basis of some criterion, but I believe
 it's possible for these to occur either from a single-hop circuit (we know
 the client's real IP) or anonymized, in which case perhaps the criterion
 should be begindirs from the same circuit rather than the same IP so the
 would-be attacker at least must work.  Thoughts on the right filter to
 implement, anyone?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4581#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16221 [Tor Browser]: Investiate WebRTC with TCP-ICE and hidden services
Next by Author: [tor-bugs] #16257 [- Select a component]: Potentially Dangerous Connection!
Previous by thread: Re: [tor-bugs] #4581 [Tor]: Dir auths should defend themselves from too many begindir requests per address
Next by thread: Re: [tor-bugs] #4581 [Tor]: Dir auths should defend themselves from too many begindir requests per address
Index(es):
- Author
- Thread