[tor-bugs] #16052 [Tor]: Hidden service DoS by hammering RELAY_BEGIN
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 16 14:56:13 UTC 2015
#16052: Hidden service DoS by hammering RELAY_BEGIN
------------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Keywords: tor-hs dos | Actual Points:
Parent ID: | Points:
------------------------+------------------------------------
Hello,
it seems that some HSes are getting DoSed by an attacker who establishes a
few circuits and then sends thousands of `RELAY_BEGIN` cells through them.
It's basically a variant of #15515, but fortunately this can be fixed by
patching the HS.
Here are some fixes ideas from Yawning:
a) Some variation on "implement a hard cap on the number of simultaneous
streams that can be associated to a given circuit before we start
rejecting RELAY_BEGINs". Will break apps if the hard cap is too low due
to web browsers wanting to open tons of TCP/IP connections (limiting it to
something like... 16/32/64 with it being tunable may be ok, consult Mike?)
b) Apply throttling to RELAY_BEGINs over a given circuit. Something like
"allow up to N streams to complete immediately, then each subsequent
stream will be delayed for x seconds, doubling for each additional
RELAY_BEGIN, resetting after y seconds". Annoying since queuing is
required (OOM hazard here?).
c) "If you want to be more resilient to this, use an AF_UNIX backed HS".
This should* shift the part that crumples to the app code, at which point
it's kind of not our problem.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list