#24902: Denial of Service mitigation subsystem -----------------------------+------------------------------------ Reporter: dgoulet | Owner: dgoulet Type: enhancement | Status: needs_review Priority: Medium | Milestone: Tor: 0.3.3.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: ddos, tor-relay | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -----------------------------+------------------------------------
Comment (by dgoulet): Replying to [comment:2 cypherpunks]: > This seems like it may highly stress/kill off as well relays with old Tor versions when the DDoSers change their guard (due to this patch) and it eventually settles at some relay with an old Tor version. Yes that is one of the worry I do have. However, this circuit creation mitigation defense silently drop cells on a created circuit. In other words, clients will open circuits on the Guard and the Guard returns CREATED as a response so the client thinks it is valid and thus sends bunch of cells that are silently dropped by the Guard at that point. I believe this makes the client not switch Guard and just keep sending stuff to the void. So the big Guard will soak up the load instead of spreading it out. Not perfect but a first step towards better defense. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:4> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs