[tor-bugs] #29863 [Obfuscation/Snowflake]: Add disk space monitoring for snowflake infrastructure
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 3 17:26:16 UTC 2019
#29863: Add disk space monitoring for snowflake infrastructure
-----------------------------------+---------------------------
 Reporter:  cohosh                 |          Owner:  (none)
     Type:  task                   |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  snowflake              |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:  Sponsor19
-----------------------------------+---------------------------
Comment (by dcf):
Replying to [comment:9 cohosh]:
> Right now prometheus is running and the output can be accessed by
> locally visiting localhost:9100/metrics. I'm going to hold off on allowing
> prometheus1.torproject.org to access it until we are confident that the
> data exported won't introduce new side channels.
I did `ssh -N -L 9100:127.0.0.1:9100 snowflake-broker` and then browsed to
!http://127.0.0.1:9100/metrics. And yeah, looks like there is some
potentially useful (to an attacker) stuff in there:
{{{
# HELP apt_upgrades_pending Apt package pending updates by origin.
# HELP node_boot_time_seconds Node boot time, in unixtime.
# HELP node_entropy_available_bits Bits of available entropy.
# HELP node_intr_total Total number of interrupts serviced.
# HELP node_uname_info Labeled system information as provided by the uname system call.
# HELP node_network_transmit_bytes_total Network device statistic transmit_bytes.
# HELP node_sockstat_TCP_inuse Number of TCP sockets in state inuse.
}}}
It doesn't look disastrous on its own, but I think you're right to be
cautious.
It looks like this information is not encrypted in transit? Maybe we could
expose it on an authenticated onion service instead?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29863#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
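
The side-channel concern raised in this comment, as an added example that is not part of the original message or of the Tor Project's tooling: a filter that reduces a node_exporter-style exposition to the metric families needed for disk space monitoring and reports which families it dropped. The allowlist prefix `node_filesystem_`, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Assumption: filesystem metrics are all that disk space monitoring needs.
ALLOWED_PREFIXES = ("node_filesystem_",)

# Constructed sample in Prometheus text exposition format (values are made up).
SAMPLE = """\
# HELP node_boot_time_seconds Node boot time, in unixtime.
# TYPE node_boot_time_seconds gauge
node_boot_time_seconds 1.5e+09
# HELP node_filesystem_avail_bytes Filesystem space available to non-root users in bytes.
# TYPE node_filesystem_avail_bytes gauge
node_filesystem_avail_bytes{device="/dev/sda1",fstype="ext4",mountpoint="/"} 1.2e+10
# HELP node_uname_info Labeled system information as provided by the uname system call.
# TYPE node_uname_info gauge
node_uname_info{machine="x86_64",nodename="example-host",sysname="Linux"} 1
# HELP node_sockstat_TCP_inuse Number of TCP sockets in state inuse.
# TYPE node_sockstat_TCP_inuse gauge
node_sockstat_TCP_inuse 42
"""

_NAME = re.compile(r"[a-zA-Z_:][a-zA-Z0-9_:]*")


def metric_name(line):
    """Return the metric family a line refers to, or None if it has none."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("#"):
        parts = line.split(None, 3)
        # Only HELP and TYPE comments carry a metric name in field 3.
        if len(parts) >= 3 and parts[1] in ("HELP", "TYPE"):
            return parts[2]
        return None
    match = _NAME.match(line)
    return match.group(0) if match else None


def filter_exposition(text):
    """Keep allowlisted lines; return (filtered_text, sorted dropped names)."""
    kept, dropped = [], set()
    for line in text.splitlines():
        name = metric_name(line)
        if name is None:
            continue  # unnamed comments and blanks are not forwarded
        if name.startswith(ALLOWED_PREFIXES):
            kept.append(line)
        else:
            dropped.add(name)
    return "\n".join(kept) + "\n", sorted(dropped)
```

Matching on an allowlist rather than a denylist means a collector added in a later exporter version is withheld until someone reviews it.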