#26294: attacker can force intro point rotation by ddos
----------------------------------------------------------+-------------------------------
 Reporter:  arma                                          |          Owner:  asn
     Type:  defect                                        |         Status:  merge_ready
 Priority:  Medium                                        |      Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor                                  |        Version:
 Severity:  Normal                                        |     Resolution:
 Keywords:  tor-hs, tor-dos, network-team-roadmap-august  |  Actual Points:  6
Parent ID:  #29999                                        |         Points:  7
 Reviewer:  dgoulet                                       |        Sponsor:  Sponsor27-must
----------------------------------------------------------+-------------------------------

Comment (by asn):

 Replying to [comment:28 nickm]:
 > IIRC, the problem would be if an attacker found an introduce cell that
 > they were very interested in, and replayed it a lot in order to see
 > which rendezvous point got a bunch of retries.

 Hm, I'd like some more help with understanding this attack.

 The replay cache refactored by this ticket is the one that protects
 against replays from the intro point. So assuming that a malicious intro
 can now do replays, how does it also have visibility on which rendezvous
 point gets the retries? And how does the knowledge of retry help the
 attacker get information about the client or the service?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online