Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: SponsorR tor-hs 025-backport
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Comment (by dgoulet):
After a discussion on IRC at the little-t tor meeting, here is the
consensus. In a nutshell, reason done and kill the circuit.
{{{
< nickm> Ultimately, there is no solution to #13667. If a client can try to connect to a port, and if that client can differentiate success from failure, and the scanner knows everything that the client does, then ultimately the scanner can scan ports.
< dgoulet> yes exactly so our best course of action is to make it harder as we can I guess
< nickm> so, if we do END_REASON_DONE and drop, they have to build more circuits and do more introduction handshakes.
< dgoulet> "2)" has the possible drawback of the HS having a lot of opened circ.
< nickm> If we do "insert random delays and finally drop at some point", they have to open just as many circuits, maybe, and their programming job gets a little harder, but they can do multiple queries in parallel, so ultimately we're not slowing them down much
< dgoulet> nickm: yeah the parallel scanning makes that solution a bit useless
< nickm> I think that "drop and kill the circuit" is probably a reasonable thing to do, in terms of trade-off between how much it helps and how hard it is.
< Yawning> ;_;
< Yawning> yeah
< dgoulet> yeah
< Yawning> if people are more paranoid, they could use authenticated HSes or something
< nickm> Yeah. For a real answer, I'd think that better access control is the answer.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online