#26294: attacker can force intro point rotation by ddos -------------------------------------------------+------------------------- Reporter: arma | Owner: asn Type: defect | Status: | merge_ready Priority: Medium | Milestone: Tor: | 0.4.2.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: tor-hs, tor-dos, network-team- | Actual Points: 6 roadmap-august, security | Parent ID: #29999 | Points: 7 Reviewer: dgoulet | Sponsor: | Sponsor27-must -------------------------------------------------+-------------------------
Comment (by dgoulet): After reviewing this thread, I personally feel like the trade off here in favor of this patch is OK. I'm not too worried about the `INTRO2` cell being used as a side channel for the service Guard. We allow many more cells to do that, as in any other HS cell not meant for an origin circuit for instance will be dropped silently with that log info: {{{ log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.", command); }}} The part that worries me more is the "make the service interact with the tor network" as in opening RP circuits. But this will be for N interactions where N is quite low since it can only be done when the replay cache is reset which is drastically more with this patch. My two cents: All in all, less IP rotation is a better compromise overall than what we allow with regards to INTRO2 cell replay. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:42> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs