#20212: Tor can be forced to open too many circuits by embedding .onion resources -------------------------------------------------+------------------------- Reporter: gacar | Owner: tbb- | team Type: enhancement | Status: new Priority: Medium | Milestone: Tor: | unspecified Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: guard-discovery, | Actual Points: TorBrowserTeam201803 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by asn): Here is another attack from IRC arma: An attacker could also setup an onion address that redirects you to another onion address which redirects you to another onion address ad infinitum. This allows the attacker to cause `n` onion loads in series, and if each page has `k` onions, this allows attacker to cause `n*k` onion loads. That's both an optimization but is also meant to work around any defences that try to restrict onion address loads per origin. Furthermore, depending on how stream isolation works, the above attack could also work with IPs/domain addresses and not just onions. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212#comment:13> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs