Uptime Sanity Checking
Damon Liwanu Mc Coy
Damon.Mccoy at Colorado.EDU
Thu Mar 8 22:39:59 UTC 2007
Filename: uptime_sanity_checking.txt
Title: Uptime Sanity Checking
Version:
Last-Modified:
Author: Kevin Buaer & Damon McCoy
Created: 8-March-2007
Status: Open
Overview:
This document describes how to cap the uptime that
is used when computing which routers are maked as stable
such that highly stable routers cannot be displaced by
malicious routers that report extremely high uptime
values.
This is similar to how bandwidth is capped at 1.5MB/s.
Motivation:
It has been pointed out that an attacker can
displace all stable nodes and entry guard nodes by
reporting high uptimes. This is an easy fix that
will prevent highly stable nodes from being
displaced.
Security implications:
It should decrease the effectiveness of routing
attacks that report high uptimes while not impacting
the normal routing algorithms.
Specification:
We propose that uptime be capped at two months.
Currently there are approximetly 50 nodes with this
amount of uptime, and the average uptime is around 9
days. This cap would prevent these 50 nodes from
being displaced by an attacker.
Compatibility:
There should be no compatiblity issues due to uptime
capping.
Implementation:
#define MAX_BELIEVABLE_UPTIME 60*24*60*60
dirserv.c
1448: *up = (uint32_t) real_uptime(ri, now);
if(*up > MAX_BELIEVABLE_UPTIME) {
*up = MAX_BELIEVABLE_UPTIME;
}
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: uptime_sanity_checking.txt
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20070308/cad7794b/attachment.txt>
More information about the tor-dev
mailing list