[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Please check if your relay has fallen out of the consensus



Tossing this kdea out there since it is more an attack on bitcoin style decentralization rather than Tor style decentralization. I do not know if it applies to Tor.

Could this be a form of an "Eclipse" attack? 

"Eclipse attacks occur when a node is isolated from all honest peers but remains connected to at least one malicious peer." https://bitcoinops.org/en/topics/eclipse-attacks/

Could an ASN feasibly deny connections to all official directories besides a malicious one to serve a malicious consensus? Perhaps to be used to then provide malicious controlled circuits or other attacks. 

I understand that there seems to be a signing of the consensus by directory authorities. Can an outdated, yet cryptographically valid, consesus be served by malicous DA's when others are eclipsed? Perhaps this could serve an older or more vulnurable consensus. 

Tossing this idea out there since blocking just of directory authorities compared to all Tor relays came off as odd to me. 

-------- Original Message --------
On 10/22/24 4:48 AM, Roger Dingledine - arma at torproject.org <arma_at_torproject_org_dakfxbjzjp@xxxxxxxxxxxxxx> wrote:

>  Hi folks!
>  
>  We're hunting down a mystery where two of our big university relays are
>  having troubles reaching the Tor directory authorities:
>  https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/86
>  
>  Can you check to see if your relay is in a similar situation?
>  
>  In particular, the situation to look for is "Tor process is
>  still running fine from your perspective, but, relay-search
>  (https://atlas.torproject.org/) says you are no longer running."
>  
>  If your relay is in this situation, the next step is to check your Tor
>  logs, try to rule out other issues like firewall rules on your side,
>  and then (if you're able) to start exploring traceroutes to the directory
>  authority IP addresses vs other addresses. If you need more direct help,
>  we can help you debug or answer other questions on #tor-relays on IRC.
>  
>  Thanks,
>  --Roger
>  
>  _______________________________________________
>  tor-relays mailing list
>  tor-relays@xxxxxxxxxxxxxxxxxxxx
>  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>  
>

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays