[tor-bugs] #13155 [Tor]: I can use an extend cell to remotely determine whether two relays have a connection open
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 15 15:06:10 UTC 2014
#13155: I can use an extend cell to remotely determine whether two relays have a
connection open
------------------------+--------------------------
     Reporter:  arma    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------
Comment (by cypherpunks):
And the port part, or the absence of the port part, to put it correctly, can
be used for another bug.
{{{
    if (chan->state != CHANNEL_STATE_OPEN) {
      /* If the address matches, don't launch a new connection for this
       * circuit. */
      if (channel_matches_target_addr_for_extend(chan, target_addr))
        ++n_inprogress_goodaddr;
      continue;
    }
}}}
If no connection has been established yet from `relay A` to `relay B`, then
an attacker can introduce a DoS situation by sending a storm of extend
requests to `relay A`, with the valid digest and address of `relay B` but
with the wrong port. Depending on the firewall settings of the target, it
could be very hard for legitimate requests to finish successfully.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13155#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
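
A simplified model of the check quoted in the comment above, added here as an illustration; it is not Tor's source code and not part of the original message. The types, the function names and the `match_port` variant are assumptions, and the channel table is constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: a model of the quoted logic, not Tor code. */
typedef enum { CH_OPENING, CH_OPEN } ch_state_t;
typedef struct { const char *digest; uint32_t addr; uint16_t port;
                 ch_state_t state; } chan_t;
typedef enum { USE_OPEN_CHANNEL, WAIT_FOR_INPROGRESS, LAUNCH_NEW } decision_t;

/* Decide how an extend request for (digest, addr, port) is served.
 * match_port=false mirrors the address-only test in the quoted snippet;
 * match_port=true is an assumed stricter variant that also compares ports. */
decision_t extend_decision(const chan_t *chans, size_t n, const char *digest,
                           uint32_t addr, uint16_t port, bool match_port)
{
  int n_inprogress_goodaddr = 0;
  for (size_t i = 0; i < n; i++) {
    const chan_t *c = &chans[i];
    if (strcmp(c->digest, digest) != 0)
      continue;                       /* different relay identity */
    bool target_ok = c->addr == addr && (!match_port || c->port == port);
    if (c->state != CH_OPEN) {
      /* A pending channel to a matching target suppresses a new launch. */
      if (target_ok)
        ++n_inprogress_goodaddr;
      continue;
    }
    if (target_ok)
      return USE_OPEN_CHANNEL;
  }
  return n_inprogress_goodaddr ? WAIT_FOR_INPROGRESS : LAUNCH_NEW;
}

/* Constructed state on relay A: one pending channel to relay B's address
 * (192.0.2.10) on a wrong port, left behind by an earlier bogus extend.
 * Returns the decision for a later extend to B's real port 9001. */
decision_t demo(bool match_port)
{
  const chan_t table[] = { { "B", 0xC000020AU, 9, CH_OPENING } };
  return extend_decision(table, 1, "B", 0xC000020AU, 9001, match_port);
}

int main(void)
{
  printf("address-only match: %d\n", demo(false)); /* request is parked */
  printf("address+port match: %d\n", demo(true));  /* new channel launched */
  return 0;
}
```

With the address-only test, the request for the real port waits on the pending wrong-port channel; with the stricter variant it is not held back by it.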