Opened 9 years ago

Closed 8 years ago

Last modified 6 years ago

#723 closed defect (fixed)

i2ptunnel darkloris

Reported by: zzz
Owned by: zzz
Priority: minor
Milestone: 0.9.19
Component: apps/i2ptunnel
Version: 0.9.2
Keywords:
Cc:
Parent Tickets:
Sensitive: no


Review i2ptunnel servers and mitigate where possible. Several variants of the attack may be effective. Ensure there are timeouts everywhere.



Change History (5)

comment:1 Changed 9 years ago by zzz

Owner: set to zzz
Status: new → accepted

in 0.9.2-11, in I2PTunnelHTTPServer and I2PTunnelIRCServer:

  • per-read timeout lowered from 60s to 15s
  • total header read timeout implemented at 30s
  • post-header read timeout changed from unlimited to 5 min (std server too)

People may do limited testing against stats.i2p which is running -11. Please ask me on IRC #i2p-dev before doing extensive testing.

This is not a complete solution, and one may not be possible. Leaving open pending testing and add'l review.

comment:2 Changed 9 years ago by Eche|on

I will run echelon.i2p on -12, you can test against it. Try your luck


comment:3 Changed 9 years ago by zzz

Still no reports of tests, and I haven't tested it either. The forum thread is http://forum.i2p/viewtopic.php?t=7356

comment:4 Changed 8 years ago by zzz

Resolution: fixed
Status: accepted → closed

Closing for now. If somebody tests or thinks we can do better, please reopen with more info.

comment:5 Changed 6 years ago by zzz


Much better fix that handles intra-line timeouts, in 064616c2027d7a6aff3bcefea141ac580cafea37 0.9.18-17-rc
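
An added illustration of the timeout scheme from comment:1 and the intra-line case from comment:5; this is not the I2P code or the referenced commit. The class name, the 8192-byte header cap and the scaled-down timeouts in `main` are assumptions. The per-read timeout alone never fires for a client that sends one byte just inside it, so the reader also enforces a total header deadline.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class HeaderDeadlineDemo {
    static final int MAX_HEADER_BYTES = 8192; // assumed cap, not from the ticket

    // Reads through the blank line that ends the headers. perReadMs bounds each
    // read; totalMs bounds the whole header phase, including pauses mid-line.
    static String readHeaders(Socket s, int perReadMs, int totalMs, int postMs) throws IOException {
        long deadline = System.nanoTime() + totalMs * 1_000_000L;
        InputStream in = s.getInputStream();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] end = {'\r', '\n', '\r', '\n'};
        int matched = 0;
        while (out.size() < MAX_HEADER_BYTES) {
            long leftMs = (deadline - System.nanoTime()) / 1_000_000L;
            if (leftMs <= 0) throw new SocketTimeoutException("total header deadline exceeded");
            s.setSoTimeout((int) Math.min(perReadMs, leftMs)); // never 0, which means infinite
            int b = in.read(); // one byte at a time: simple, and leaves the body unread
            if (b < 0) throw new EOFException("closed before end of headers");
            out.write(b);
            matched = (b == end[matched]) ? matched + 1 : (b == '\r' ? 1 : 0);
            if (matched == end.length) {
                s.setSoTimeout(postMs); // post-header reads get their own, finite timeout
                return new String(out.toByteArray(), StandardCharsets.ISO_8859_1);
            }
        }
        throw new IOException("headers exceed " + MAX_HEADER_BYTES + " bytes");
    }

    public static void main(String[] args) throws Exception {
        // Constructed loopback check; the ticket's values are 15 s / 30 s / 5 min.
        byte[] partial = "GET / HTTP/1.1\r\nX-Pad: aaaaaaaaaaaaaaaa".getBytes(StandardCharsets.US_ASCII);
        try (ServerSocket ss = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread slow = new Thread(() -> {
                try (Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort())) {
                    for (byte x : partial) {
                        c.getOutputStream().write(x);
                        Thread.sleep(100); // always inside the 300 ms per-read timeout
                    }
                } catch (Exception ignored) { } // the server closing on us ends the loop
            });
            slow.start();
            try (Socket s = ss.accept()) {
                readHeaders(s, 300, 1000, 5000);
            } catch (SocketTimeoutException e) {
                System.out.println("dropped slow client: " + e.getMessage());
            }
            slow.join();
        }
    }
}
```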
