Hello, can someone answer some questions I have about how this attack works?
As far as I understand, INTRODUCE2 cells are sent by Introduction Points directly to the Hidden Service. But this only happens after a Client sends the INTRODUCE1 cell to the Introduction Point.
Now the question is, do we allow more than 1 INTRODUCE1 per client circuit? If this is right, why? Or is the attack working because the client makes a new circuit/connection to the I.P. each time for sending an INTRODUCE1?
On 31/5/19 14:21, David Goulet wrote:
On 31 May (00:46:56), teor wrote:
Hi,
On 30 May 2019, at 23:49, David Goulet dgoulet@torproject.org wrote:
Over the normal 3 intro points a service has, it means 150 introductions per second are allowed with a burst of 600 in total. Or in other words, 150 clients can reach the service every second up to a burst of 600 at once. This will probably ring alarm bells for very popular services that probably get 1000+ users a second, so please check the next section.
Do we know how many introduce cells are sent to popular services?
How can the operators of these services find out their current introduce rate?
Yes, good point.
The only thing we have available is the heartbeat that should read like so:
    log_notice(LD_HEARTBEAT,
               "Our onion service%s received %u v2 and %u v3 INTRODUCE2 cells "
               "and attempted to launch %d rendezvous circuits.",
               num_services == 1 ? "" : "s",
               hs_stats_get_n_introduce2_v2_cells(),
               hs_stats_get_n_introduce2_v3_cells(),
               hs_stats_get_n_rendezvous_launches());
Those counters don't get reset, so to get the rate one needs to compare between two heartbeats (default is every 6h).
Thus, if any big popular service out there (no need to give the .onion) can tell us the rate they see, it would be grand!
Thanks! David
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
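An added example, not part of the thread or of tor itself: one way an operator could derive the INTRODUCE2 rate by comparing consecutive heartbeat lines, as described above, and set it against the 150 per second figure quoted in the thread. The log line prefix, the restart handling and the sample lines are assumptions made for this sketch; the message text follows the format string quoted above.

```python
import re
from datetime import datetime

# Message text follows the log_notice() format string quoted in the thread.
# Assumption: the usual Tor log prefix "Mon DD HH:MM:SS.mmm [notice] ".
HEARTBEAT = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d{3} \[notice\] .*?"
    r"Our onion services? received (?P<v2>\d+) v2 and (?P<v3>\d+) v3 "
    r"INTRODUCE2 cells and attempted to launch -?\d+ rendezvous circuits\.")

PROPOSED_RATE = 150  # introductions/second over 3 intro points, per the thread

def parse_heartbeats(lines, year):
    """Return [(timestamp, total INTRODUCE2 count)] for each heartbeat line."""
    samples = []
    for line in lines:
        m = HEARTBEAT.match(line)
        if m:  # Tor log lines carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            samples.append((ts, int(m["v2"]) + int(m["v3"])))
    return samples

def introduce2_rates(samples):
    """Average cells/second between consecutive heartbeats."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        secs = (t1 - t0).total_seconds()
        # Assumption: a lower count means tor restarted and the counters
        # started over, so that interval cannot be measured.
        if secs <= 0 or c1 < c0:
            continue
        rates.append((t1, (c1 - c0) / secs))
    return rates

# Constructed sample log (not real measurements), 6h heartbeat interval.
_FMT = ("{ts}.000 [notice] Our onion service received 0 v2 and {n} v3 "
        "INTRODUCE2 cells and attempted to launch {n} rendezvous circuits.")
SAMPLE_LOG = [_FMT.format(ts=ts, n=n) for ts, n in [
    ("May 31 06:00:00", 1200000), ("May 31 12:00:00", 5520000),
    ("May 31 18:00:00", 216000),   # restart: counters started over
    ("Jun 01 00:00:00", 648000)]]

if __name__ == "__main__":
    for end, rate in introduce2_rates(parse_heartbeats(SAMPLE_LOG, 2019)):
        flag = "above" if rate > PROPOSED_RATE else "within"
        print(f"{end:%b %d %H:%M} {rate:7.1f} INTRODUCE2/s ({flag} {PROPOSED_RATE}/s)")
```

The result is an average over the whole heartbeat interval, so a short burst above the rate does not show up in it.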