
Re: [tor-relays] Log warning : possible (zlib) compression bomb on middle relays



Also saw this on my Tor exit dannydevito, but these messages only appeared once in the logs (UTC time).

Nov  2 04:21:44 <daemon.warn> dannydevito Tor: Possible zlib bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito Tor: Possible compression bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito syslogd: last message repeated 2 times
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible zlib bomb; abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible compression bomb; abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito syslogd: last message repeated 3 times

On 11/3/20 05:59, Christoph Graf wrote:

Same here on my bridge:

Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.
Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.

Time is UTC+1, nothing before and after

Cheers, Christoph

On 02.11.20 11:05, Guinness wrote:
Hi all,

We are at least 3 users running middle relays on 0.4.4.5 and later who are
seeing logs like these:
```
Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream.
```

I'm wondering if this is an attack or a new feature (haven't checked
yet) but I'd like to know how many users are impacted.

The interesting information is:
 * Number of warnings
 * What kind of relay it is (middle, exit, entry)

After your answers, I'll complete the issue I have opened on the bug
tracker.


Cheers,

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
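
Added example, not part of the thread and not Tor project code: one way to get the "number of warnings" asked for above out of the three log formats quoted in these messages. It assumes that a syslogd "last message repeated N times" line stands for N further copies of the line before it, so a plain grep undercounts; the host names and sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample, modelled on the three log formats quoted in the thread.
SAMPLE = """\
Nov  2 04:21:44 <daemon.warn> relay1 Tor: Possible zlib bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> relay1 Tor: Possible compression bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> relay1 syslogd: last message repeated 2 times
Nov  2 06:21:04 bridge1 Tor[2556]: Possible zlib bomb; abandoning stream.
Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
Nov  2 05:31:00 relay1 sshd[99]: unrelated line
"""

BOMB = re.compile(r"Possible (zlib|compression) bomb; abandoning stream\.")
REPEAT = re.compile(r"last message repeated (\d+) times?")
STAMP = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d):(\d\d)")


def count_bomb_warnings(lines):
    """Return (count per warning kind, count per minute), syslogd repeats expanded."""
    by_kind, by_minute = Counter(), Counter()
    last_kind = None  # set only while the preceding line was a bomb warning
    for line in lines:
        bomb = BOMB.search(line)
        repeat = REPEAT.search(line)
        if bomb:
            last_kind, n = bomb.group(1), 1
        elif repeat and last_kind:
            # Assumption: the repeat line refers to the line directly before it.
            n = int(repeat.group(1))
        else:
            last_kind = None  # unrelated line: a later repeat is not ours
            continue
        by_kind[last_kind] += n
        stamp = STAMP.match(line)
        if stamp:
            mon, day, hh, mm = stamp.groups()
            by_minute["%s %02d %s:%s" % (mon, int(day), hh, mm)] += n
    return by_kind, by_minute


if __name__ == "__main__":
    kinds, minutes = count_bomb_warnings(SAMPLE.splitlines())
    print(dict(kinds))
    for minute, n in sorted(minutes.items()):
        print(minute, n)
```

Timestamps are bucketed as written in each log, so reports from relays in different time zones need converting to UTC before they are compared.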