also saw this on my Tor exit dannydevito, but these messages only
appeared once in logs (UTC time)
Nov 2 04:21:44 <daemon.warn> dannydevito Tor: Possible
zlib bomb; abandoning stream.
Nov 2 04:22:42 <daemon.warn> dannydevito Tor: Possible
compression bomb; abandoning stream.
Nov 2 04:22:42 <daemon.warn> dannydevito syslogd: last
message repeated 2 times
Nov 2 04:23:42 <daemon.warn> dannydevito Tor: Possible zlib
bomb; abandoning stream.
Nov 2 04:23:42 <daemon.warn> dannydevito Tor: Possible
compression bomb; abandoning stream.
Nov 2 04:23:42 <daemon.warn> dannydevito syslogd: last
message repeated 3 times
Same here on my bridge:
Nov 2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.
Nov 2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.Time is UTC+1, nothing before and after
Cheers, Christoph
On 02.11.20 11:05, Guinness wrote:
Hi all, We are at least 3 users running middle relays from 0.4.4.5 and after having some logs like those : ``` Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream. Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream. Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream. ``` I'm wondering if this is an attack or a new feature (haven't checked yet) but I'd like to know how many users are impacted. The interesting informations are : * Number of warnings * What kind of relay it is (middle, exit, entry) After your answers, I'll complete the issue I have opened on the bug tracker. Cheers,
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays