[tor-bugs] #15463 [Tor]: Tor deals poorly with a very large number of incoming connection requests. (was: TOR CPU load 100%. Hidden service unavailable. Maybe zero-day vulnerability like "circuit storm".)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 27 01:29:02 UTC 2015 

#15463: Tor deals poorly with a very large number of incoming connection requests.
--------------------------+--------------------------------
     Reporter:  alberto   |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor       |    Version:  Tor: 0.2.5.11
   Resolution:            |   Keywords:  tor-hs
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+--------------------------------
Changes (by yawning):

 * keywords:   => tor-hs
 * version:   => Tor: 0.2.5.11
 * milestone:   => Tor: 0.2.7.x-final


Comment:

 Changing the title to something that better describes the symptoms of the
 issue.  As far as I can tell, this isn't anything new.  Tor always had a
 hard time dealing with an extreme number of HS clients, and this appears
 to be an extreme illustration of what is a known issue (In particular
 #8902).

 Note: I'm not ruling out a crazy client side bug here that causes it to
 retry in a tight loop, new intro point and all, but even if that's the
 case, the server side problems still exist and need to be addressed.

 So time to discuss potential solutions/mitigation ideas.

 Yes, this will be a clear improvement:
  * Solve #11447.  `8` is more than likely too high for a retry count,
 especially when under load.
  * Implement the performance fixes suggested in #8902.
  * Prop 224.  Faster public key crypto should help things here.

 Maybe an improvement:
  * Consider rejecting single hop client to RP circuits.  Probably not a
 great idea since Tor2Web uses this functionality for performance reasons,
 and people that want to mount the "pro" version of this can just run their
 own RP, so there's not much to gain here.
  * Give serious thought to being more aggressive about dropping INTRODUCE2
 cells when under load.  While this will not prevent a HS from being
 extremely hard to reach, the current behavior is clearly not optimal here.

 No, not an option:
  * Cycle the IP under load.  Fetching the new IP is trivial, there is no
 gain here, and a lot of really scary anonymity impacts. (This would be the
 opposite of #8239, which would be bad).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15463#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list