[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #2668 [Tor Relay]: Rate limit RELAY_EARLY and TLS by IP
#2668: Rate limit RELAY_EARLY and TLS by IP
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #2664
Points: | Actualpoints:
-----------------------+----------------------------------------------------
It is possible to execute an amplification attack on the Tor network
and/or the directory authorities by launching many onionskin and tls
attempts to each relay. These onion skins do not have to be valid, and can
be replays: their only purpose would be to induce a relay to perform the
PK step to attempt to decrypt them. Such an amplification attack can be
used to consume all of the spare CPU of a relay.
One solution would be to rate limit RELAY_EARLY and TLS connections by IP
address as opposed to by only circuit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2668>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs