On 19 December 2025 00:46:28 GMT, krishna e bera via tor-relays <[email protected]> wrote:
>Hi all,
>
>Just got the below notice from researchers.
>
>Is the stated vulnerability an actively exploited problem or is this a DoS
>attack by scaremongering?
>
>This topic seems to have been covered in
>https://nusenu.medium.com/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92
>
>but I am not sure how to apply it to my situation.
>
>I have turned off the Guard capability for now.
>
>Doubtful I can influence the service provider to get them to publish a new ROA.
>
>Is there another mitigation?
>
>Regrets to all who were using the service :(
>
>-------- Forwarded Message --------
>Subject: Potential vulnerability found in your Tor Relay
>Date: Thu, 18 Dec 2025 23:57:20 +0000
>From: ENGR - SIDR
>
>Hello,
>
>We are writing to alert you that your Tor relay(s) (Pasquino3) is/are
>vulnerable to active BGP attacks that could be used to de-anonymize users. The
>best mitigation to help protect your relay is to have your service provider
>publish a ROA for prefix(es) 209.44.96.0/19 at AS(es) 10929 with a
>maxLength(s) of 19.
>
>We are researchers from the University of Connecticut reaching out to inform
>you that your Tor guard relay with IP address(es) 209.44.114.178 (Pasquino3)
>is/are currently covered by a Route Origin Authorization (ROA) which has an
>improperly configured maxLength attribute. This makes it vulnerable to BGP
>subprefix origin hijacks, where a malicious autonomous-system-level attacker
>may announce a subprefix of 209.44.96.0/19 and misdirect traffic destined with
>a high (>99%) rate of success. Guidance on how to correctly set the maxLength
>attribute is contained in https://datatracker.ietf.org/doc/html/rfc9319.
>
>We determined this vulnerability using public data sets including relay
>information from the Tor consensus, the RIPEStat data for IP prefix, and ROA
>coverage information.
>Feel free to contact us if you have further questions.
>
>For further information on ROAs, see
>https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/bgp-origin-validation/
>
>If you are not a Tor relay operator and this message reached you in error,
>please let us know.
>
>Thank you,
>
>UConn Secure Interdomain Routing Group
>_______________________________________________
>tor-relays mailing list -- [email protected]
>To unsubscribe send an email to [email protected]
I have just received this message too. Any advice would be helpful.

Mick

--
Sent from a mobile device. Please excuse my brevity.
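The maxLength point in the forwarded notice can be checked with RFC 6811 route origin validation. The sketch below is an added example, not part of the thread or of any Tor or RPKI tooling; the loose ROA's maxLength of 24 is a constructed value (the notice does not state the current one), and the announced length of 19 is assumed from the ROA the notice recommends.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int

def validate(route: str, origin_asn: int, roas: list[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        # A ROA covers the route if the route is equal to or inside its prefix.
        if net.version == roa.prefix.version and net.subnet_of(roa.prefix):
            covered = True
            # It matches only if the length is within maxLength and the origin agrees.
            if net.prefixlen <= roa.max_length and origin_asn == roa.asn:
                return "valid"
    return "invalid" if covered else "not-found"

def exposed_subprefixes(roa: ROA, announced_len: int, relay_ip: str) -> list[str]:
    """More-specifics covering relay_ip that the ROA authorises but that are
    not announced, i.e. routes a validator would accept with the ROA's origin."""
    ip = ipaddress.ip_address(relay_ip)
    if ip not in roa.prefix:
        raise ValueError("relay is not covered by this ROA")
    return [
        str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))
        for plen in range(announced_len + 1, roa.max_length + 1)
    ]

PREFIX = ipaddress.ip_network("209.44.96.0/19")   # prefix from the notice
LOOSE = ROA(PREFIX, 24, 10929)    # constructed: maxLength longer than announced
STRICT = ROA(PREFIX, 19, 10929)   # ROA recommended in the notice
RELAY = "209.44.114.178"          # relay address from the notice

if __name__ == "__main__":
    for name, roa in (("loose", LOOSE), ("strict", STRICT)):
        # Same /24 around the relay, same origin AS, different maxLength.
        print(name, validate("209.44.114.0/24", 10929, [roa]),
              exposed_subprefixes(roa, 19, RELAY))
```

With maxLength equal to the announced length, a more-specific route carrying the same origin AS becomes RPKI-invalid, so networks that drop invalids keep following the legitimate /19.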
