#29174: Guard Node can eclipse the hidden service -----------------------------------+------------------------------------ Reporter: TBD.Chen | Owner: (none) Type: defect | Status: new Priority: Very High | Milestone: Component: Core Tor/Tor | Version: Tor: 0.3.0.1-alpha Severity: Critical | Resolution: Keywords: guard, hidden service | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -----------------------------------+------------------------------------
Comment (by mikeperry): Interesting. This is another argument for Proposal 291 in my mind. A single guard has too much power to induce DoS and other downtime signals like this. The vanguards addon should similarly mitigate this attack, as it uses 2 guards by default. The malicious guard would just cause introduce1 timeouts on clients, but not be able to mount a full "eclipse" DoS attack. As for path bias -- it was designed to detect circuit failures caused by the guard. This case is different because the circuit can become live and successfully used for one or more initial introduce1 cells, and thus path bias system will deem it successfully used. After that point, there is no way for a client to determine if the circuit has just gone quiet because no one is using the HS vs the guard simply not sending any more introduce1 cells on the circuit. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29174#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs