#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  asn
     Type:  defect                               |         Status:  merge_ready
 Priority:  Medium                               |      Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-dos,                     |  Actual Points:  6
            network-team-roadmap-august,         |
            security, 042-should                 |
Parent ID:  #29999                               |         Points:  7
 Reviewer:  dgoulet                              |        Sponsor:  Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by s7r):

The attacks are quite possible, but also the current replay cache behavior can be trivially gamed so the onion service will rotate intro points more often than we would normally want and thus trigger a different Sybil-type attack where eventually the onion service picks a hostile introduction point. Both the time limit and the number-of-introductions limit are important and mitigate different threat models, which is why I think configuring the replay cache to limit on a "hybrid" threshold (time + introductions) as described in comment:11 will not interfere with the issues and concerns described above. It's just about choosing the right variable min and max values so that introduction points are not rotated too fast but also cannot send unlimited replays (introductions) during their time-based lifetime. A "hybrid" limitation as described will simply enhance the current behavior instead of radically changing it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
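The trade-off s7r describes (a count-only limit lets a flood of INTRODUCE2 cells force rotation at will, a time-only limit lets one intro point relay unbounded introductions, and a hybrid min/max threshold sits between the two) can be made concrete with a small simulation. The block below is an added illustration for this ticket discussion, not Tor's own hs_service.c logic or anything from comment:11; every constant in it (24 h lifetime, 20000-introduction cap, 6 h minimum age, the benign and flood rates) is an assumed value picked for the example, not a real Tor parameter, and the "hybrid" rule is one reading of a time-plus-introductions threshold: retire the intro point when its time lifetime expires, or when the introduction cap is hit but never before a minimum age.

```python
"""Toy simulation of introduction-point rotation policies for a v3 onion service.

Added illustration for ticket #26294; NOT Tor's hs_service.c logic. All
constants (24 h lifetime, 20000-introduction cap, 6 h minimum age, traffic
rates) are assumed values chosen for the example, not Tor parameters.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SECONDS_PER_HOUR = 3600.0


@dataclass
class IntroPoint:
    created_at: float       # simulated clock, seconds
    intro_count: int = 0    # INTRODUCE2 cells relayed by this intro point so far


@dataclass(frozen=True)
class Policy:
    """When the service retires an intro point. A bound set to None is disabled."""
    max_lifetime_s: Optional[float]   # time-based expiry
    intro_cap: Optional[int]          # count-based expiry
    min_age_s: float = 0.0            # count-based expiry may not fire before this age

    def should_rotate(self, ip: IntroPoint, now: float) -> bool:
        age = now - ip.created_at
        if self.max_lifetime_s is not None and age >= self.max_lifetime_s:
            return True
        if self.intro_cap is not None and ip.intro_count >= self.intro_cap:
            # Hybrid reading: the cap alone cannot retire a young intro point.
            return age >= self.min_age_s
        return False


# Three candidate policies (assumed values, see module docstring).
COUNT_ONLY = Policy(max_lifetime_s=None, intro_cap=20_000)
TIME_ONLY = Policy(max_lifetime_s=24 * SECONDS_PER_HOUR, intro_cap=None)
HYBRID = Policy(max_lifetime_s=24 * SECONDS_PER_HOUR, intro_cap=20_000,
                min_age_s=6 * SECONDS_PER_HOUR)


def simulate(policy: Policy, intro_rate_per_s: float, duration_s: float,
             step_s: float = 60.0) -> Tuple[int, int]:
    """Drive one intro point at a time under `policy` with a constant INTRODUCE2 rate.

    Returns (rotations forced during the run, most introductions any single
    intro point relayed). An attacker is modelled purely as a high rate; the
    clock advances in fixed steps and introductions arrive in per-step batches.
    """
    now = 0.0
    ip = IntroPoint(created_at=now)
    rotations = 0
    max_intros = 0
    while now < duration_s:
        now += step_s
        ip.intro_count += int(round(intro_rate_per_s * step_s))
        max_intros = max(max_intros, ip.intro_count)
        if policy.should_rotate(ip, now):
            rotations += 1
            ip = IntroPoint(created_at=now)   # service picks a fresh intro point
    return rotations, max_intros


def compare(duration_s: float = 7 * 24 * SECONDS_PER_HOUR) -> Dict[str, Dict[str, Tuple[int, int]]]:
    """Rotations and peak per-intro-point load for a quiet service (3 intros/min)
    versus a flood (50 intros/s), over one simulated week, for each policy."""
    benign, flood = 3 / 60.0, 50.0
    return {
        name: {"benign": simulate(p, benign, duration_s),
               "flood": simulate(p, flood, duration_s)}
        for name, p in (("count_only", COUNT_ONLY), ("time_only", TIME_ONLY),
                        ("hybrid", HYBRID))
    }


if __name__ == "__main__":
    for name, results in compare().items():
        print(f"{name:11s} benign={results['benign']} flood={results['flood']}")
```

Under the assumed numbers the count-only rule rotates 1440 times in a week when flooded (one fresh, possibly hostile, intro point every seven minutes), the time-only rule rotates seven times but lets one intro point relay over four million introductions, and the hybrid rule bounds the flood to four rotations a day while still capping a quiet intro point at its time lifetime. Shrinking the minimum age lowers the per-intro-point load but hands more rotations to the attacker, which is exactly the min/max tuning the comment points at.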