[network-health] (FWD) Directory authorities DDoSed by consensus fetches
arma at torproject.org
Wed Jan 29 09:23:38 UTC 2020
----- Forwarded message from Roger Dingledine <arma at torproject.org> -----
Date: Wed, 29 Jan 2020 04:11:46 -0500
From: Roger Dingledine <arma at torproject.org>
To: dir-auth at lists.tpo
Subject: Directory authorities DDoSed by consensus fetches
I wanted to let you know about an issue that came up over the past
few weeks, and is continuing.
In short, many thousands of places around the internet are fetching
the vanilla consensus document, uncompressed, from the dirport of the
moria and gabelmoo shot up to 400mbit/s sustained, and even that wasn't
enough because they couldn't reliably interact with the other dir auths
(e.g. send or receive votes) at that level of load.
Probably your dir auth is under huge load currently too.
Here's the plan:
(0) If you need to squeeze down your bandwidth use for now, e.g. by
setting a lower BandwidthRate, do it and don't feel bad. The pain will
continue for a while yet, and answering all of the requests is not worth
getting in trouble with your hoster.
(1) If you're into patching your Tor source yourself, here is a very
simple patch that will help you for now:
It prioritizes answering other relays and other directory authorities,
when rate limiting is kicking in. This patch won't by itself reduce
your bandwidth load, but it will let you turn down the BandwidthRate
knob while still being a productive useful dir auth.
(2) We'll have a more thorough version of this patch out sometime soon,
in the form of a git branch and eventually a Tor update. Let us know
if the patch in #1 doesn't do it for you and you need us to get to step
(3) Longer term, we need to start refusing (some of) these extra
requests. We have found some simple distinguishers that make us think
they are not actual Tor clients, and that mean we can refuse the requests
without that much collateral damage. We still need to think through
exactly how we want to do that though -- and putting some more defenses
in place, in case the requests morph into something else, could be smart
too. The ticket to follow here is
More when we have it,
----- End forwarded message -----
More information about the network-health