TOR compression bomb Meaning of entries in the Tor relay log file

by Admin -
- 80 minutes
TOR compression bomb Meaning of entries in the Tor relay log file

Warnings such as

[warn]
Detected possible compression bomb with input size = 22389 and output size =
716544

[warn]
Possible compression bomb; abandoning stream.

mean that your Tor relay detected while unpacking (decompressing) data packets that an unusually small compressed data packet grows to a very large amount of data when unpacked. This is a typical indication of a so-called decompression bomb or compression bomb.

What is a compression bomb?

A compression bomb is a deliberately manipulated, highly compressed file that expands to many times its original size when unpacked. The aim is to overload resources such as RAM or hard disk space and thus paralyze programs or entire systems — a well-known denial-of-service technique.

Why does this appear in the Tor log?

In the Tor network, compressed data is regularly exchanged between relays and directory authorities. If an actor attempts to send manipulated or maliciously packed data (e.g., from a fake directory authority), Tor detects this based on the extreme ratio of input to output data during decompression and aborts processing as a precaution23. The warning indicates that Tor is discarding the stream before any damage can occur.

Should I be concerned?

No,

not usually. These warnings indicate that Tor is functioning correctly and protecting itself by discarding suspicious streams Such incidents occur repeatedly and are usually the result of attacks or faulty data packets that intentionally or accidentally enter the network.

Only if your relay or Tor service permanently stops working or can no longer connect to the network should you check more closely to see if there are any other problems.

Summary

Theentries mean that your Tor relay has detected a potential compression bomb and discarded the affected data stream. This is a security mechanism and in most cases no cause for concern. If you experience repeated or persistent connection problems, you should further investigate the configuration and the system.