[tor-bugs] #17451 [Tor]: Tor controller [ControlPort] - bruteforce defence measures & detailed logging
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 29 15:58:36 UTC 2015
#17451: Tor controller [ControlPort] - bruteforce defence measures & detailed
logging
-----------------------------+------------------------------
     Reporter:  programings  |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor          |    Version:  Tor: unspecified
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+------------------------------
Sometimes, as a relay operator, you should open your ControlPort to the
world, because of various reasons - SSH is not always an option, you have
an application that implements the Tor control protocol and it should
control your OR remotely, etc.
When this happens, the current controller implementation doesn't have any
mechanism to prevent bruteforcing of the HashedControlPassword or the
authentication cookie, and also the hypothetical attacker will remain
completely anonymous (in the general case, a possible solution is to have
another service monitoring the sockets and logging the remote IP), because
Tor doesn't log any data about him or her, like IP address, for example.
Because of this behaviour, you also can't use software like fail2ban to
ban the attackers based on the logged failed attempts.
Given all this, even with a strong enough passphrase, it becomes easy to
break through the authentication and do a lot of bad things.
Tor should have a configuration directive to specify a limit of the number
of allowed attempts when the ControlPort socket is non-local. When the
threshold is reached, Tor should block future attempts from this IP for a
certain period of time.
The detailed logging will allow use of another software to take care in
depth.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17451>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
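
The attempt limit and timed block requested in this ticket, sketched in C as an added example; it is not Tor's code and not part of the ticket. The function names, the constants and the log line format are assumptions, and the caller is assumed to pass the peer's textual address and the current time.

```c
/* Added sketch, not Tor source: names, limits and log text are assumptions. */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_PEERS    64   /* remote addresses tracked at once */
#define MAX_FAILURES 3    /* failed attempts allowed per window */
#define WINDOW_SECS  60   /* window in which failures are counted */
#define BAN_SECS     600  /* lockout once the limit is reached */

struct peer { char addr[46]; int failures; time_t first_fail, banned_until; };
static struct peer peers[MAX_PEERS];
static struct peer *find_peer(const char *addr) {
    for (int i = 0; i < MAX_PEERS; i++)
        if (peers[i].addr[0] && strcmp(peers[i].addr, addr) == 0)
            return &peers[i];
    return NULL;
}

/* Check before handling AUTHENTICATE: 1 while addr is locked out. */
int auth_is_blocked(const char *addr, time_t now) {
    struct peer *p = find_peer(addr);
    return p != NULL && now < p->banned_until;
}

/* Call on a failed AUTHENTICATE: logs the peer, returns 1 once it is banned. */
int auth_record_failure(const char *addr, time_t now) {
    struct peer *p = find_peer(addr);
    for (int i = 0; p == NULL && i < MAX_PEERS; i++)  /* reuse an idle slot */
        if (!peers[i].addr[0] || (now >= peers[i].banned_until &&
                                  now - peers[i].first_fail >= WINDOW_SECS)) {
            p = memset(&peers[i], 0, sizeof(peers[i]));
            snprintf(p->addr, sizeof(p->addr), "%s", addr);
        }
    if (p == NULL) return 0;  /* table full of active entries: not tracked */
    if (p->failures == 0 || now - p->first_fail >= WINDOW_SECS) {
        p->failures = 0; p->first_fail = now;   /* new counting window */
    }
    p->failures++;
    fprintf(stderr, "control auth failure from %s (%d/%d)\n", addr, p->failures, MAX_FAILURES);
    if (p->failures >= MAX_FAILURES) p->banned_until = now + BAN_SECS;
    return now < p->banned_until;
}

int main(void) {           /* constructed peer from a documentation range */
    for (int i = 0; i < MAX_FAILURES; i++)
        auth_record_failure("203.0.113.7", 1000 + i);
    return !auth_is_blocked("203.0.113.7", 1000 + MAX_FAILURES);
}
```

Because each failure is written out with the remote address, an external tool can match on the same line; a peer whose block is still active is never evicted from the table, so filling the table does not clear existing blocks.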