Re: Mixed pages - serious bug of tor
On Thu, Jul 17, 2008 at 08:08:38AM +0200, slush wrote: > Tor did not stop serving me. He served me with errors. It is big > difference. In first case, it should be absolutely OK. What errors? Please be specific. > But I was very > surprised, when it served me with pages I never seen. It is security > problem I think. What pages? Please be specific. Thanks, --Roger
Re: Mixed pages - serious bug of tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It looks like you have DoSed some of the faster Tor relays out there, and then Tor stopped working as well for you. Perhaps these were your entry guards, so you were particularly strongly affected? Tor did not stop serving me. He served me with errors. It is big difference. In first case, it should be absolutely OK. Of course, relay dont know, if he is serving 500 users or 500 connection of one user, but no matters. If it is problem of capacity of relay, it should not accept next connection, if it is full. And you can do a CPU denial of service too, not just a bandwidth denial of service, as you say. I think it isnt answer. This looks like exact and repeatable bug. Ofcourse, im not Tor specialist, so I cannot say 'it is bug in filefoo.c'. While I worked as programmer (now Im only architect, so Im missing contact with sources), I made server systems with massive parallel access and millions of daily visitors (simply, I was developer of centrum.cz). With this experience, I never see problem like this. Every server system should reject next connection, when its full. Of course, there is some possibility, that server power is not used for the edge, but it is much more secure. I dont know exact defence mechanisms in Tor, Im just using Tor API. But I think it is very dangerous, that there is simple possibility to break communication with one simple computer on 256kbit upload link. Try it against any other server application... As I wrote, I think it should be perfect, if node, which is reaching its limit on CPU/opened sockets/whatever should reject all other connection. But I was very surprised, when it served me with pages I never seen. It is security problem I think. I guess we can put some checks for this particular attack in, for example by rate limiting the number of create attempts from a Tor not listed in the directory. But I fear that stopping all DoS avenues is a losing Im listed in directory, because Im running Tor relay. proposition. It's hard enough to build a system that handles many users well even when they are all playing nice. I know very well, what you mean, trust me :-). Marek -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: http://getfiregpg.org iD8DBQFIfuHhr7KgZiv8EokRAmEkAKDq5FXPFBUopWQq6ZcKzy4MnYsBDQCdHPDP tN+mTKWH6KTeMlg0Wy2j55o= =vihL -END PGP SIGNATURE-
Re: Mixed pages - serious bug of tor
On Thu, Jul 17, 2008 at 02:30:25AM +0200, slush wrote: > I tried to repeat this bug (really sorry for all relays operators). > I found that this part of python code breaks connection of standalone > browser. It looks like you have DoSed some of the faster Tor relays out there, and then Tor stopped working as well for you. Perhaps these were your entry guards, so you were particularly strongly affected? But more broadly, yes, the capacity of the Tor network, while huge, is still small compared to all the people out there who might want to use it. And you can do a CPU denial of service too, not just a bandwidth denial of service, as you say. Part of the challenge here is that we've built an anonymity system, and that means it's hard for a relay to distinguish between 500 users each building a circuit, and one guy named Marek building 500 circuits. I guess we can put some checks for this particular attack in, for example by rate limiting the number of create attempts from a Tor not listed in the directory. But I fear that stopping all DoS avenues is a losing proposition. It's hard enough to build a system that handles many users well even when they are all playing nice. Suggestions? > In many cases, refreshing page after script finished leads to corrupted > pages. This sounds like a separate bug. Are you using Privoxy or Polipo? Which version of Torbutton? More details about what "corrupted" means? Thanks, --Roger
Re: Exit node connection statistics
On Mon, Jul 14, 2008 at 2:38 AM, Jan Reister <[EMAIL PROTECTED]> wrote: > Il 13/07/2008 17:54, [EMAIL PROTECTED] ha scritto: >> I set up a statistics script creating a list of the top 100 hosts each day >> to which Tor users connect to over my node (only for ports 80 and 443). >> I decided to make this accessible through a hidden service only, > > You should add your relay nick and publish that page on your exit node > public IP address. > This way users can check that the stats are related to a specific relay. > > I would probably add your node to my ExcludeNodes entry. > > Jan > If he did that, it would skew the results.
Re: Exit node connection statistics
On Mon, Jul 14, 2008 at 8:43 AM, <[EMAIL PROTECTED]> wrote: > > Jan Reister: >> >> I would probably add your node to my ExcludeNodes entry. > > I would like to see a discussion about this. > > So you'd prefer using exit nodes that keep that information for their own? > Why? Or do you blindly trust all other Tor operators until they show some > "bad" behaviour? > > I'm not a friend of two-classes knowledge, and what a Tor node operator can > know, everybody can know. Else it's nothing but security by obscurity. > > Can you explain what the threat scenario is for what I'm doing? > IMO not very much at all, as long as your node remains anonymous. You shouldn't be endangering the anonymity of users.
Re: Exit node connection statistics
On Mon, Jul 14, 2008 at 11:03 AM, coderman <[EMAIL PROTECTED]> wrote: > """ > Should I snoop on the plaintext that exits through my Tor relay? > > No. You may be technically capable of modifying the Tor source code or > installing additional software to monitor or log plaintext that exits > your node. However, Tor relay operators in the U.S. can create legal > and possibly even criminal liability for themselves under state or > federal wiretap laws if they affirmatively monitor, log, or disclose > Tor users' communications, while non-U.S. operators may be subject to > similar laws. Do not examine the contents of anyone's communications > without first talking to a lawyer. > """ > > best regards, > If he's not concerned with possible legal problems, like if he's staying anonymous, this really doesn't matter. It's really his choice.
Re: Mixed pages - serious bug of tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 More information: I tried to repeat this bug (really sorry for all relays operators). I found that this part of python code breaks connection of standalone browser. for i in range(300): ctl.extend_circuit(0,["sabotage", 'tortila']) ctl.extend_circuit(0,["Bellum", 'tortila']) ctl.extend_circuit(0,['mwserver', 'gpfTOR4']) ctl.extend_circuit(0,['mwserver', 'charlesbabbage']) In many cases, refreshing page after script finished leads to corrupted pages. Marek -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: http://getfiregpg.org iD8DBQFIfpKZr7KgZiv8EokRAi3CAJ9Ky4Wuh3EC7wcdx/EyOIFKXYNGRQCgpOSE xIaC1+fvEJxOgsoGqVoytKQ= =HJkj -END PGP SIGNATURE-
