[tor-relays] 'relay early' attack detection at the infrastructure level
[moved to tor-relays]
Hi relay ops,
please consider having a regular look at your logs after upgrading to
the latest tor releases to spot relay_early attacks (even if the
attack origin is not directly attributable from a relay's point of view).
searching your logs for
'Received an inbound RELAY_EARLY cell'
should do it.
https://gitweb.torproject.org/tor.git/commitdiff/68a2e4ca4baa595cc4595a511db11fa7ccbbc8f7
>>> It doesn't have to decrypt the stream to see it, because
>>> whether a cell is relay or relay_early is a property of the
>>> (per hop) link, not a property of the (end-to-end) stream.
>>
>> Does a patched relay also create a log entry as soon as it
>> "kills" the circuit or is logging only happening on tor instances
>> acting as clients?
>
> The patched relay also does a log message, yes.
>
> But the relay can only see its immediate neighbor in the circuit,
> so it will only log that. Whether the attacking relay is that
> (adjacent) one, or one farther on the circuit, isn't something your
> relay can learn.
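The log search suggested in the message above, written as a repeatable check. This is an added example, not part of the original post or of tor. The function names and the sample log lines are constructed for illustration, and the per-day grouping assumes each log line starts with a "Mon DD HH:MM:SS" timestamp.

```shell
#!/bin/sh
# Added example: scan tor log files for the warning string quoted in the post.
PATTERN='Received an inbound RELAY_EARLY cell'

# Print every matching line from the given log files (fixed-string match).
relay_early_hits() {
    grep -hF -- "$PATTERN" "$@"
}

# Print "<count> <Mon DD>" for each day with hits, in order of first appearance.
# Assumes the first two fields of a log line are month and day.
relay_early_per_day() {
    relay_early_hits "$@" | awk '
        { d = $1 " " $2; if (!(d in n)) order[++k] = d; n[d]++ }
        END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }'
}

# Return 0 when the logs are clean and 1 when the warning appears, so the
# function can drive a cron job or a monitoring probe.
relay_early_check() {
    summary=$(relay_early_per_day "$@")
    if [ -z "$summary" ]; then
        return 0
    fi
    printf 'RELAY_EARLY warnings found (count, day):\n%s\n' "$summary"
    # The relay only sees its adjacent hop, so a hit says the circuit was
    # affected, not which relay on it originated the cell.
    return 1
}

# Constructed sample log for trying the functions offline (not real relay output).
sample_log() {
    cat <<'EOF'
Jul 31 02:14:07.000 [notice] Heartbeat: constructed sample line.
Jul 31 02:15:41.000 [warn] Received an inbound RELAY_EARLY cell on circuit 1001. Closing circuit.
Jul 31 19:03:12.000 [warn] Received an inbound RELAY_EARLY cell on circuit 1002. Closing circuit.
Aug 02 04:44:50.000 [warn] Received an inbound RELAY_EARLY cell on circuit 1003. Closing circuit.
Aug 02 05:00:00.000 [notice] Constructed sample line without the warning.
EOF
}

# When called with log file paths, run the check on them.
if [ "$#" -gt 0 ]; then
    relay_early_check "$@"
fi
```

Pass the script the paths of your relay's current and rotated (uncompressed) log files; the exit status is non-zero when the warning is present.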