[tor-relays] 'relay early' attack detection at the infrastructure level

Zenaan Harkness zen at freedbms.net
Sat Aug 2 06:14:41 UTC 2014


On 8/2/14, Roger Dingledine <arma at mit.edu> wrote:
> On Sat, Aug 02, 2014 at 03:38:51PM +1000, Zenaan Harkness wrote:
>> >> the RELAY_EARLY cell has common legitimate uses.
>> >> How can we distinguish an attack from those?
>> >
>> > Correctly-behaving Tor relays never send RELAY_CELL cells backwards
>> > (towards the client) on the circuit.
>
> Gah. I should have written RELAY_EARLY above. Sorry for the confusion.
>
>> > So if you see one, it's somebody not following the protocol.
>>
>> Might be a stupid question sorry, but why not just block such
>> relay-early packets coming in the wrong direction?
>
> New relays do block them. Actually they close the circuit and warn,
> since once somebody has violated the protocol like this, it's unwise to
> let them continue interacting with you.
>
> Or is that what you meant?

ACK. Thanks.
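
The check described in the quoted reply (close the circuit and warn when a RELAY_EARLY cell arrives heading toward the client), as an added example that is not part of this thread and is not Tor's own code. It assumes the link protocol 4 cell layout (4-byte CircID, 1-byte command, 509-byte payload) with RELAY = 3 and RELAY_EARLY = 9, and that it runs inside a relay where cell headers are visible; the function names, the closed-circuit table and the sample cells are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CELL_LEN        514  /* assumed: 4-byte CircID + 1-byte command + 509-byte payload */
#define CMD_RELAY       3
#define CMD_RELAY_EARLY 9
#define MAX_CLOSED      64   /* hypothetical size of the closed-circuit table */

enum direction { TOWARD_EXIT, TOWARD_CLIENT };
enum verdict   { CELL_OK, CELL_VIOLATION, CELL_ON_CLOSED_CIRC, CELL_REJECTED };
static uint32_t closed[MAX_CLOSED]; static size_t n_closed;

/* Has this circuit already been closed for a protocol violation? */
static int is_closed(uint32_t id) {
    for (size_t i = 0; i < n_closed; i++) if (closed[i] == id) return 1;
    return 0;
}

/* Inspect one cell header; a backward RELAY_EARLY closes the circuit and warns. */
enum verdict inspect_cell(const uint8_t *cell, size_t len, enum direction dir) {
    if (cell == NULL || len != CELL_LEN) return CELL_REJECTED;
    uint32_t id = ((uint32_t)cell[0] << 24) | ((uint32_t)cell[1] << 16) |
                  ((uint32_t)cell[2] << 8)  |  (uint32_t)cell[3];
    if (is_closed(id)) return CELL_ON_CLOSED_CIRC;   /* nothing more is processed */
    if (cell[4] == CMD_RELAY_EARLY && dir == TOWARD_CLIENT) {
        if (n_closed < MAX_CLOSED) closed[n_closed++] = id;  /* remember while room remains */
        fprintf(stderr, "warn: RELAY_EARLY toward client on circ %u, closing\n", (unsigned)id);
        return CELL_VIOLATION;
    }
    return CELL_OK;   /* includes RELAY_EARLY toward the exit, the legitimate direction */
}

/* Build a constructed sample cell with an all-zero payload. */
void make_cell(uint8_t *out, uint32_t id, uint8_t cmd) {
    memset(out, 0, CELL_LEN);
    out[0] = (uint8_t)(id >> 24); out[1] = (uint8_t)(id >> 16);
    out[2] = (uint8_t)(id >> 8);  out[3] = (uint8_t)id;
    out[4] = cmd;
}

int main(void) {
    uint8_t cell[CELL_LEN];
    make_cell(cell, 7, CMD_RELAY_EARLY);
    printf("%d\n", inspect_cell(cell, CELL_LEN, TOWARD_EXIT));    /* forward: allowed */
    printf("%d\n", inspect_cell(cell, CELL_LEN, TOWARD_CLIENT));  /* backward: violation */
    printf("%d\n", inspect_cell(cell, CELL_LEN, TOWARD_EXIT));    /* circuit now closed */
    return 0;
}
```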

