[tor-relays] Please check if your relay has fallen out of the consensus

pasture_clubbed242 at simplelogin.com pasture_clubbed242 at simplelogin.com
Tue Oct 29 04:35:35 UTC 2024


Tossing this kdea out there since it is more an attack on bitcoin style decentralization rather than Tor style decentralization. I do not know if it applies to Tor.

Could this be a form of an "Eclipse" attack? 

"Eclipse attacks occur when a node is isolated from all honest peers but remains connected to at least one malicious peer." https://bitcoinops.org/en/topics/eclipse-attacks/

Could an ASN feasibly deny connections to all official directories besides a malicious one to serve a malicious consensus? Perhaps to be used to then provide malicious controlled circuits or other attacks. 

I understand that there seems to be a signing of the consensus by directory authorities. Can an outdated, yet cryptographically valid, consesus be served by malicous DA's when others are eclipsed? Perhaps this could serve an older or more vulnurable consensus. 

Tossing this idea out there since blocking just of directory authorities compared to all Tor relays came off as odd to me. 

-------- Original Message --------
On 10/22/24 4:48 AM, Roger Dingledine - arma at torproject.org <arma_at_torproject_org_dakfxbjzjp at simplelogin.co> wrote:

>  Hi folks!
>  
>  We're hunting down a mystery where two of our big university relays are
>  having troubles reaching the Tor directory authorities:
>  https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/86
>  
>  Can you check to see if your relay is in a similar situation?
>  
>  In particular, the situation to look for is "Tor process is
>  still running fine from your perspective, but, relay-search
>  (https://atlas.torproject.org/) says you are no longer running."
>  
>  If your relay is in this situation, the next step is to check your Tor
>  logs, try to rule out other issues like firewall rules on your side,
>  and then (if you're able) to start exploring traceroutes to the directory
>  authority IP addresses vs other addresses. If you need more direct help,
>  we can help you debug or answer other questions on #tor-relays on IRC.
>  
>  Thanks,
>  --Roger
>  
>  _______________________________________________
>  tor-relays mailing list
>  tor-relays at lists.torproject.org
>  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>  
>  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241029/5b63f2fb/attachment-0001.sig>


More information about the tor-relays mailing list