Opened 7 months ago

Closed 4 weeks ago

#29699 closed defect (duplicate)

INTRO2 replay warn logs with v3 onions

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, security, 041-deferred-20190530 042-should
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While testing vanguards 0.3.0 with tor 0.4.0.2-alpha and a v3 onion service that was only for my testing, I got several loglines to the effect of

Mar 07 11:10:17.000 [info] hs_circ_handle_introduce2(): We received an INTRODUCE2 cell with same REND_COOKIE field 1 seconds ago. Dropping cell.
Mar 08 12:05:58.000 [warn] Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen 0 seconds ago. Dropping cell.
Mar 08 14:17:21.000 [warn] Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen 59 seconds ago. Dropping cell.

The client was Tor version 0.3.5.7 (git-9beb085c10562a25), from Tor Browser 8.0.6. The client was accessing the service as follows:

while [ true ]; do
  torsocks wget  http://$MYV3_ONION_NAME.onion/404 -O /dev/null
  killall -HUP tor;
done

That v3 404 url is in fact non-existant -- it does just send back a HTTP 404.

I'll match up some log instances and attach.

Child Tickets

Change History (9)

comment:1 Changed 7 months ago by dgoulet

Keywords: tor-hs added
Milestone: Tor: 0.4.1.x-final

I suspect actually that a client might be simply retrying the INTRODUCE1 using the same RP on the same intro points because it never got the ACK. Maybe a bug tor client side.

comment:2 Changed 7 months ago by mikeperry

This may be a dup of #26806

comment:3 Changed 6 months ago by s7r

Yes, this might be a dup of #26806. I get it from time to time on my v3 onions (like today for example). I was on Tor 0.4.0.1-alpha-dev installed from deb.tpo tor-nightly-master-stretch. This is a public v3 onion, so it gets some usage.

Apr 15 00:05:32.000 [warn] Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen 5 seconds ago. Dropping cell.

comment:4 Changed 5 months ago by nickm

Keywords: security added

comment:5 Changed 5 months ago by nickm

Keywords: 041-deferred-20190530 added

Marking these tickets as deferred from 041.

comment:6 Changed 5 months ago by nickm

Milestone: Tor: 0.4.1.x-finalTor: 0.4.2.x-final

comment:7 Changed 5 weeks ago by nickm

Keywords: 042-should added

comment:8 Changed 4 weeks ago by asn

Closing this in favor of #26806. I'm moving #26806 to Sponsor27-must so that it gets handled.

comment:9 Changed 4 weeks ago by asn

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.