[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Exit relay operators please help test #2667 branch



Roger Dingledine wrote:
Hello friendly relay operators,

Another day, another weird thing with the Tor network. This time we
have some jerk bombing the directory authorities with directory fetches,
and doing it via exits:
https://lists.torproject.org/pipermail/network-health/2021-January/000661.html

The network is mostly holding together, but I wouldn't say it is pretty.

One of the long-term fixes will be ticket #2667:
https://gitlab.torproject.org/tpo/core/tor/-/issues/2667
where exit relays refuse to let users connect back into the Tor network.

David and I made a branch this evening that implements #2667, and it
could use some testing. If you're comfortable building your exit relay
from a git branch, please do, and let us know how it goes. It is the
"ticket2667" branch on either
https://git.torproject.org/user/arma/tor
or
https://gitlab.torproject.org/arma/tor/

And if your relay is currently using 100% cpu and/or way more bandwidth
than usual, you might be especially excited to try out this patch. :)

When the defense triggers, you will see an info-level log line like
"%s tried to connect back to a known relay address. Closing."
(where %s is the destination, so don't get upset at them. :)

You can let us know how it's going either by mail just to me, or by a
reply on the list, whichever you prefer. Once we know that you're running
the branch, we can also probe your relay remotely to verify that it is
correctly refusing those connections.

Thanks!
--Roger


Hello,

Indeed the defense is triggered more often than I expected. Very nice.

I tried to read on that ticket that's a decade old but didn't understand what was the final resolution.

This defense is only implemented at the Exit relay, and it blocks all the relay:ORPort / DirPort combinations that exit knows about according to its version of the consensus?

What happens if the abuser has a different valid consensus (newer/older) that has some relays which are not known by the Exit? Or if the abuser uses for re-entry a relay configured with `PublishServerDescriptor 0`? How does it treat bridges?

And most important, does this means that an Exit will no longer try to connect to other middle relay? At this moment can't an exit relay (of course with a small probability) be used as a middle or entry? Won't this become a mess if we have 80% of relays Exits and thus used more as 1st or 2nd hops, or in a perfect future where 100% or relays are all exits?

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays