#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 I think we should add two more Tor2web defences managed by a consensus
 parameter:
 * when an introduce cell is sent direct from a client, drop that cell and
   any extend requests
   * this is really important because it delays Tor2web introductions and
     failed introduction extends
 * drop HSDir lookups where the circuit came directly from a client

 I think we should wait a release or two to turn the introduce and HSDir
 ones on.
 But if it gets really bad, and we backport them to 0.2.9, maybe we can
 turn them on sooner.

 I also think that Tor2web combined with single onion services makes a DDoS
 much more likely.
 Neither end has any guards, and they both make single-hop connections,
 and we're not defending against that at all right now.

 When the service side is a directly connected client (single onion
 service):
 * we should automatically activate the introduce defence
   * this is very effective, because it stops Tor2web straight away
 * we should automatically activate the rendezvous defence (drop all cells)
   as soon as the service connects
   * this is not very effective, because the rendezvous has established,
     but it's important for security

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs