[tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 11 18:28:44 UTC 2019
#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
Reporter: arma                 | Owner: asn
Type: defect                   | Status: merge_ready
Priority: Medium               | Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor        | Version:
Severity: Normal               | Resolution:
Keywords: tor-hs, tor-dos, network-team-roadmap-august, security, 042-should
Actual Points: 6               | Points: 7
Parent ID: #29999              | Reviewer: dgoulet
Sponsor: Sponsor27-must        |
-------------------------------------------------+-------------------------
Comment (by s7r):
The attacks are quite possible, but also the current replay cache behavior
can be trivially gamed so the onion service will rotate intro points more
often than we would normally want and thus trigger a different sybil-type
attack where eventually the onion service picks a hostile introduction
point. Both the time limit and the number-of-introductions limit are important and
mitigate different threat models.

Which is why I think configuring the replay cache to limit on a "hybrid"
threshold (time + introductions) as described in comment:11 will not
interfere with the issues and concerns described above. It's just about
choosing the right variable min and max values so that introduction points
are not rotated too fast but also cannot send unlimited replays
(introductions) during their time-based lifetime. A "hybrid" limitation as
described will simply enhance the current behavior instead of radically
changing it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
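Added illustration, not code from the ticket or from Tor itself: a small Python model of the "hybrid" threshold s7r describes, compared with a count-only rotation rule. The lifetimes and the introduction cap are constructed sample values, and the exact rule (rotate when the minimum lifetime has elapsed and the cap is reached, or unconditionally at the maximum lifetime) is an assumed reading of the comment, not Tor's actual implementation.

```python
# Model of intro point rotation under two policies (assumed, not Tor's code):
#   count-only: retire the intro point as soon as max_intros have been served,
#               so a flood of introductions dictates the rotation rate.
#   hybrid:     retire only when min_lifetime has elapsed AND max_intros were
#               served, or when max_lifetime has elapsed regardless of count.
# Fewer forced rotations mean fewer chances for a sybil relay to be picked.
from dataclasses import dataclass


@dataclass
class IntroPoint:
    established_at: int   # seconds since simulation start
    min_lifetime: int     # floor on how quickly a rotation may be forced
    max_lifetime: int     # ceiling; rotate at this age whatever the count
    max_intros: int       # cap on introductions served by this intro point
    intros: int = 0

    def should_rotate_count_only(self) -> bool:
        return self.intros >= self.max_intros

    def should_rotate_hybrid(self, now: int) -> bool:
        age = now - self.established_at
        if age >= self.max_lifetime:
            return True
        return age >= self.min_lifetime and self.intros >= self.max_intros


def simulate(policy: str, intros_per_second: int, horizon: int,
             min_lifetime: int = 18 * 3600, max_lifetime: int = 24 * 3600,
             max_intros: int = 16384) -> int:
    """Return how many rotations a steady stream of introductions causes
    within `horizon` seconds under the given policy ("count" or "hybrid").
    Default lifetimes and cap are constructed sample values."""
    ip = IntroPoint(0, min_lifetime, max_lifetime, max_intros)
    rotations = 0
    for now in range(1, horizon + 1):
        ip.intros += intros_per_second          # one second of introductions
        if policy == "count":
            rotate = ip.should_rotate_count_only()
        else:
            rotate = ip.should_rotate_hybrid(now)
        if rotate:
            rotations += 1
            ip = IntroPoint(now, min_lifetime, max_lifetime, max_intros)
    return rotations


if __name__ == "__main__":
    day = 24 * 3600
    print("count-only, 100 intros/s:", simulate("count", 100, day))   # 526
    print("hybrid,     100 intros/s:", simulate("hybrid", 100, day))  # 1
```

Under the count-only rule a flood of 100 introductions per second forces hundreds of rotations per day, while the hybrid rule holds the rotation rate to what the time bounds allow.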