Re: [tor-relays] Log warning : possible (zlib) compression bomb on middle relays

2 Nov 2020

      also saw this on my Tor exit dannydevito, but these messages only
appeared once in logs (UTC time)
Nov  2 04:21:44 <daemon.warn> dannydevito Tor: Possible zlib bomb;
abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito Tor: Possible compression
bomb; abandoning stream.
Nov  2 04:22:42 <daemon.warn> dannydevito syslogd: last message repeated
2 times
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible zlib bomb;
abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito Tor: Possible compression
bomb; abandoning stream.
Nov  2 04:23:42 <daemon.warn> dannydevito syslogd: last message repeated
3 times
On 11/3/20 05:59, Christoph Graf wrote:
...
Same here on my bridge:
Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning
stream.
Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning
stream.
Time is UTC+1, nothing before and after
Cheers, Christoph
On 02.11.20 11:05, Guinness wrote:
...
Hi all,
We are at least 3 users running middle relays from 0.4.4.5 and after having
some logs like those :
Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream.
Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream.

I'm wondering if this is an attack or a new feature (haven't checked
yet) but I'd like to know how many users are impacted.
The interesting informations are :

Number of warnings
What kind of relay it is (middle, exit, entry)

After your answers, I'll complete the issue I have opened on the bug
tracker.
Cheers,

tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [tor-relays] Log warning : possible (zlib) compression bomb on middle relays