Opened 7 years ago

Closed 6 years ago

Last modified 4 years ago

#723 closed defect (fixed)

i2ptunnel darkloris

Reported by: zzz Owned by: zzz
Priority: minor Milestone: 0.9.19
Component: apps/i2ptunnel Version: 0.9.2
Keywords: Cc:
Parent Tickets:

Description

Review i2ptunnel servers and mitigate where possible. Several variants of the attack may be effective. Ensure there are timeouts everywhere.

http://dwey2fxttunmthwjeqzexyejjcltqnewzp4oprllzlrjnxogm3xq.b32.i2p/all/software/2012/09/11/dark-loris.html
http://blog.kejsarmakten.se/all/software/2012/09/11/dark-loris.html

Subtickets

Change History (5)

comment:1 Changed 7 years ago by zzz

  • Milestone changed from 0.9.4 to 0.9.3
  • Owner set to zzz
  • Status changed from new to accepted

In 0.9.2-11, in I2PTunnelHTTPServer and I2PTunnelIRCServer:

  • per-read timeout lowered from 60s to 15s
  • total header read timeout implemented at 30s
  • post-header read timeout changed from unlimited to 5 min (std server too)

People may do limited testing against stats.i2p which is running -11. Please ask me on IRC #i2p-dev before doing extensive testing.

This is not a complete solution, and one may not be possible. Leaving open pending testing and add'l review.

comment:2 Changed 7 years ago by echelon

I will run echelon.i2p on -12, you can test against it. Try your luck.

echelon

comment:3 Changed 7 years ago by zzz

Still no reports of tests, and I haven't tested it either. The forum thread is http://forum.i2p/viewtopic.php?t=7356

comment:4 Changed 6 years ago by zzz

  • Resolution set to fixed
  • Status changed from accepted to closed

Closing for now. If somebody tests or thinks we can do better, please reopen with more info.

comment:5 Changed 4 years ago by zzz

  • Milestone changed from 0.9.3 to 0.9.19

Much better fix that handles intra-line timeouts, in 064616c2027d7a6aff3bcefea141ac580cafea37 0.9.18-17-rc
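An added illustration of the per-read and total header timeouts from comment:1 and the intra-line case from comment:5. It is not I2P's code and not the referenced commit. The reader re-arms the socket timeout before every byte, so both a stalled read and a slow trickle within a line hit a deadline. The class and method names, the 32 KiB header cap, the scaled-down demo timeouts and the `example.i2p` host are assumptions.

```java
import java.io.*;
import java.net.*;

public class HeaderDeadlineDemo {
    static final int MAX_HEADER_BYTES = 32 * 1024; // assumed cap, not from the ticket

    /** Reads up to the blank line ending the headers, enforcing both timeouts. */
    static String readHeaders(Socket s, int perReadMs, long totalMs) throws IOException {
        long deadline = System.nanoTime() + totalMs * 1_000_000L;
        InputStream in = s.getInputStream();
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int tail = 0; // rolling window of the last 4 bytes
        while (buf.size() < MAX_HEADER_BYTES) {
            long leftMs = (deadline - System.nanoTime()) / 1_000_000L;
            if (leftMs <= 0) throw new SocketTimeoutException("total header timeout");
            // Re-arm before every byte, so a stall in the middle of a line is
            // bounded by the same deadline as a stall between lines.
            s.setSoTimeout((int) Math.min(perReadMs, leftMs));
            int b = in.read(); // throws SocketTimeoutException on a per-read stall
            if (b < 0) throw new IOException("EOF before end of headers");
            buf.write(b);
            tail = (tail << 8) | b;
            if (tail == 0x0D0A0D0A) return buf.toString("ISO-8859-1"); // CRLF CRLF
        }
        throw new IOException("headers too large");
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket ss = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread peer = new Thread(() -> { // constructed slow peer on loopback
                try (Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort())) {
                    OutputStream out = c.getOutputStream();
                    for (byte x : "GET / HTTP/1.1\r\nHost: example.i2p".getBytes("ISO-8859-1")) {
                        out.write(x); out.flush(); Thread.sleep(100);
                    }
                } catch (Exception ignored) { }
            });
            peer.setDaemon(true);
            peer.start();
            try (Socket s = ss.accept()) {
                // Ticket values are 15000 and 30000; scaled down so the demo ends quickly.
                System.out.println(readHeaders(s, 500, 1500));
            } catch (SocketTimeoutException e) {
                System.out.println("dropped: " + e.getMessage());
            }
        }
    }
}
```

Every individual read in the demo completes well inside the per-read limit, so only the total deadline ends the connection.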
