On 11/12/15, Mirimir <mirimir@riseup.net> wrote:
... Yes, it was subtle. But it was also, as I understand it, pointless except as an attack. And it was new behavior, right?
you would not believe the kinds of fucked up clients and relays that participate in the Tor network! even the friendly implementations in Java or Rust have at times failed in ways that look like an attack. i don't think people appreciate the scale, complexity, and novelty of activity in the Tor ecosystem.
But still, it wasn't fair to say "ignored". They just didn't see it.
on this we concur :)
... I did note that they might have been blindsided by a zero day vulnerability.
0day happens! response is important, and Tor has always responded with urgency and transparency in these situations.
how would you have spotted it?
I'm not technical enough to answer that. But generally, I think that they ought to put more effort into monitoring. Especially for new relays. Look for anything unusual.
this is indeed a challenge! not just for circuit behavior in general, but also bad exit checking (which is usually bad upstream) and suspicious cliques of relays. proposals and patches welcome :) best regards,