Re: [tor-relays] «Possible compression bomb» from Authority?
Hi, I get these warnings from time to time too. I believe they are rather benign, though I wonder how a document with a 25:1 compression ratio can happen in practice. > Interestingly it's the dirport that > ie requested. I thought the dirport is no longer in use - do the > authorities still offer it? Authorities still provide a dirport, and relays are supposed to use it over a tunneled directory request. I believe some authority operators put varnish (or some other caching reverse-proxy) in front of their dirport, to limit the load of serving those files. At the very least, it reduces the amount of crypto required (none vs an OR connection), for data which is already public and signed anyway. On Wed, 7 Jun 2023 at 18:03, Felix wrote: > > Hi > > > Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning > > stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body > > (tried Zstandard compressed, on Directory connection (client reading) > > with 199.58.81.140:80). > > We see the compression bomb warning from time to time > > The address seems to be longclaw. Interestingly it's the dirport that > ie requested. I thought the dirport is no longer in use - do the > authorities still offer it? > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] «Possible compression bomb» from Authority?
Hi > Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning > stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body > (tried Zstandard compressed, on Directory connection (client reading) > with 199.58.81.140:80). We see the compression bomb warning from time to time The address seems to be longclaw. Interestingly it's the dirport that ie requested. I thought the dirport is no longer in use - do the authorities still offer it? pgptPL7q2q_s7.pgp Description: Digitale Signatur von OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] «Possible compression bomb» from Authority?
On Samstag, 3. Juni 2023 18:18:46 CEST Tschador wrote: > today I found this warning in the log of my relay > Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream. > What does this mean? A simple log message that the tord didn't unpack a Zip Bomp. DDOS protection in the Tor software I believe. https://en.wikipedia.org/wiki/Zip_bomb -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] «Possible compression bomb» from Authority?
Hi there, today I found this warning in the log of my relay (6A7551EEE18F78A9813096E82BF84F740D32B911): Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80). What does this mean? Regards ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
