Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Tor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 329
    • Issues 329
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 31
    • Merge requests 31
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • TorTor
  • Issues
  • #10221
Closed
Open
Issue created Nov 23, 2013 by Trac@tracbot

Implement BGP malicious route checks before publishing descriptor in consensus

Alternatively, treat as normal and simply flag the BGP route as malicious or not for the listed endpoints in a consensus.

This is in response to observed, repeated, malicious route jacking attacks for specific address ranges through monkey-in-the-middle attackers.

"Malicious route jacking" is explicitly mentioned here as distinct from anomalous route changes or advertisement behavior, nor does it encompass benign incompetence affecting widespread route behavior of an indiscriminate nature.

See also: http://www.renesys.com/2013/11/mitm-internet-hijacking/ http://www.renesys.com/2010/11/chinas-18-minute-mystery/

Trac:
Username: anon

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking