[tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 19 15:46:09 UTC 2019
#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
Reporter: arma | Owner: asn
Type: defect | Status:
| merge_ready
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, tor-dos, network-team- | Actual Points: 6
roadmap-august |
Parent ID: #29999 | Points: 7
Reviewer: dgoulet | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by asn):
Replying to [comment:28 nickm]:
> IIRC, the problem would be if an attacker found an introduce cell that
they were very interested in, and replayed it a lot in order to see which
rendezvous point got a bunch of retries.
Hm, I'd like some more help with understanding this attack. The replay
cache refactored by this ticket is the one that protects against replays
from the intro point. So assuming that a malicious intro can now do
replays, how does it also have visibility on which rendezvous point gets
the retries? And how does the knowledge of retry help the attacker get
information about the client or the service?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list