
Re: [tor-relays] Network scan results for CVE-2016-5696 / RFC5961



pa011:
> Could you give some explanation please on the difference between:

> -lots of challenge ACKs
received exactly the same number of chacks as number of sent RSTs (fixed
kernel, sysctl workaround, ...)
> -one challenge ACK
received just one chack during this connection
> -two challenge ACKs
received one chack after first RST burst, another one after second burst
> -vulnerable
100 chacks/s rate limit was hit twice
> -zero challenge
RFC5961 is not supported
> -multiple challenge ACKs
anything else, i.e. there is some random number of chacks received but
fewer than the number of sent RSTs, probably rate-limited

The current definitions (these) are here [1]. But they are subject to
change, because I'm trying to improve the scanning method (separating
counters for each of the bursts).

[1] https://github.com/nogoegst/grill/blob/master/verdict/verdict.go
--
Ivan Markin
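
The verdict definitions above, written out as an added Go example; it is not code from grill's verdict.go or from the author of the message. It assumes two equal RST bursts whose total exceeds twice the 100 chacks/s limit, and the function names are hypothetical. It shows why per-burst counters matter: a connection total of 200 chacks does not by itself prove the limit was hit twice.

```go
package main

import "fmt"

// RateLimit is the 100 chacks/s limit named in the message.
const RateLimit = 100

// VerdictTotal classifies from one counter for the whole connection.
// rsts is the total number of RSTs sent (assumed > 2*RateLimit).
func VerdictTotal(chacks, rsts int) string {
	switch {
	case chacks == 0:
		return "zero challenge ACKs" // RFC5961 is not supported
	case chacks == 1:
		return "one challenge ACK"
	case chacks == 2:
		return "two challenge ACKs"
	case chacks == rsts:
		return "lots of challenge ACKs" // fixed kernel or sysctl workaround
	case chacks == 2*RateLimit:
		return "vulnerable" // rate limit hit twice
	default:
		return "multiple challenge ACKs"
	}
}

// VerdictPerBurst uses a separate counter per burst; each burst sends
// rsts/2 RSTs (assumed layout: two equal bursts).
func VerdictPerBurst(burst [2]int, rsts int) string {
	total := burst[0] + burst[1]
	switch {
	case total == 2 && burst[0] != 1:
		return "multiple challenge ACKs" // both chacks came from one burst
	case total == 2*RateLimit && total != rsts && burst[0] != RateLimit:
		return "multiple challenge ACKs" // sums to 200, limit not hit twice
	default:
		return VerdictTotal(total, rsts)
	}
}

func main() {
	// Constructed counts, not scan data: 300 RSTs sent as two bursts of 150.
	for _, b := range [][2]int{{100, 100}, {150, 50}, {1, 1}, {2, 0}, {150, 150}} {
		fmt.Printf("%v total=%q per-burst=%q\n", b,
			VerdictTotal(b[0]+b[1], 300), VerdictPerBurst(b, 300))
	}
}
```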