[tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections (was: Hidden service DoS by hammering RELAY_BEGIN)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat May 16 15:16:11 UTC 2015


#16052: Hidden service socket exhaustion by opening many connections
------------------------+------------------------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs dos SponsorR SponsorU
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------------------
Changes (by nickm):

 * keywords:  tor-hs dos => tor-hs dos SponsorR SponsorU


Comment:

 Not a very sophisticated attack; this is the kind of port/fd exhaustion
 thing that ought to work against any webserver. (RELAY_BEGIN is to Tor
 approximately as SYN is to TCP: welcome to the 1990s.)

 The only HS-specific wrinkles here are:
     * We can't do IP-based filtering.
     * We *can* do circuit-aware mitigations.

 I like 'a' as an immediate countermeasure, especially with a configurable
 limit. I like 'c' as a recommendation.  Let me also suggest:

   d) do something similar to our OOM prevention code, where when we run
 low on sockets, we kill certain circuits and their connections based on
 some reasonable metric.

   e) think of some way to signal to the application which requests are
 arriving on the same circuit as other requests.

   f) just to be sure, we should try this on a test network with profiling
 enabled to make sure there isn't some O(1) thing going on here in our own
 code.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list