[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] 90% of exits vulnerable to TCP off-path attack
At 12:01 8/12/2016 -0400, Zack Weinberg wrote:
>Also, if you read the paper, raising the global rate limit (as
>suggested by the reg. article) doesn't help; it only slows the
>attacker down a little.
The paper indicates that a global counter limit other than
100 can be easily discovered. However the recommended
mitigation effectively removes the global counter by setting
it to 10^9. The described attack requires the counter
be exhausted inside the temporal bounds of one second and the
Internet as it exists today cannot support 10^9 probes on
that deadline.
IMO the recommended mitigation is effective and should
be applied by those believing RFC-5961-as-presently-
implemented changes worse than the weaknesses addressed
by the RFC. I applied the mitigation.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays