#20212: Tor can be forced to open too many circuits by embedding .onion 
     Reporter:  gacar         |      Owner:
         Type:  enhancement   |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
 A malicious web page or an exit node* can force Tor to open too many new
 circuits by embedding resources from multiple .onion domains.

 I could observe up to 50 new circuits per second, and a total of a few
 hundred circuits in less than a half minute.

 The embedded HS domains don't need to exist, Tor will still open an new
 internal circuit for each .onion domain to download the descriptors.

 I guess forcing clients to make too many circuits may enable certain
 attacks, even though the circuits are internal.

 Maybe Tor (or Tor Browser) could cap the number of new circuits opened
 within a time window. I can't think of a realistic use case for loading
 resources from tens of different hidden services.

 *: only when the connection is unencrypted HTTP

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to