[tor-bugs] #31460 [Circumvention/Snowflake]: Can attackers disable proxies by using their ID?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 20 00:45:49 UTC 2019
#31460: Can attackers disable proxies by using their ID?
-----------------------------------------+--------------------
Reporter: phw | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------+--------------------
We just had the following discussion on IRC.
{{{
serna> If there are two proxies with the same sessionID
serna> When the broker does the proxyAnswers it does the idToSnowflake
which proxy would it return?
serna> Suppose I'm an attacker, I would go to the broker's /debug page,
scrape all the IDs and start sending requests to /proxy with those IDs
continuously
phw> cohosh, dcf1: ^
phw> that's an interesting point. i'm not familiar enough with the code
to answer this question but i'll forward it to snowflake's maintainers
serna> phw: I did a little PoC with two proxies sending the same id and
the broker didnt care, but the dangerous part is when an offer is accepted
by the proxy and it sends the answer
[...]
phw> serna: this would effectively be a DoS issue, right? it may allow
you to disable a given proxy.
serna> phw: yes I believe it would be. If it works like I think it could
disable every proxy connected to the broker
}}}
Is this an issue in our broker implementation?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31460>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list