Detected possible compression bomb

My sys-whonix stopped connecting to the tor network, and I saw warnings in the logs:
Dec x x:x… [warn] Detected possible compression bomb with input size = 39192 and output size = 1020261
Dec x x:x… [warn] Possible compression bomb; abandoning stream.
Dec x x:x… [warn] Detected possible compression bomb with input size = 19657 and output size = 557648
Dec x x:x… [warn] Possible compression bomb; abandoning stream.
Does this look like an attack on me? Should I worry?

1 Like

Duplicate of:

1 Like

The linked thread on the Tor Project forum is closed and there is no option to reply?

Hi, relays receive this warning from time to time. It happens if an actor spoofes directory authority ips and sends crafted packed data. Tor detects that and handles it accordingly. Nothing to worry about.

Not sure if it needs to be said here however I have encountered this issue with Whonix-Gateway running as a client. No exit or relay functionality enabled.

1 Like

Tor Project has written Tor, that warning message, the surrounding source code.

Best chances to get substantial replies, is from Tor Project support.

See also:

Unspecific to Whonix.

Needs to be investigated as per:

1 Like

Once a post has been marked as a solution, the topic automatically closes after 24 hours without a reply.