[tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 20 12:55:15 UTC 2015


#16052: Hidden service socket exhaustion by opening many connections
------------------------+------------------------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs dos SponsorR SponsorU
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------------------

Comment (by asn):

 OK, I tried to reproduce the attack. The naive attack of sending 10k
 `RELAY_BEGIN` cells on a single circuit seems to overwhelm Tor for a few
 seconds, and it gets worse depending on the underlying application. I
 imagine that with a web server, the whole system will be overwhelmed.

 Then, I did a bit of testing with Yawning's branch. With the naive attack,
 it seems that Yawning's branch works as intended (ignores superfluous
 `RELAY_BEGIN` cells) but it doesn't stop the DoS. That is, the whole
 system still goes at 100% CPU just because of cell processing (I think).

 If we change Yawning's patch to tear down the circuit after the max number
 of streams has been encountered, then it seems to work better.

 We discussed making this behavior more configurable by having two
 switches:

 `HiddenServiceMaxStreams`: The maximum number of simultaneous streams on
 an HS circuit.

 `HiddenServiceMaxStreamsCloseCircuit`: If set, then when
 `HiddenServiceMaxStreams` is triggered, we close the respective circuit.
 If not set, we just ignore requests for superfluous streams. (Default:
 off)


 (The positive thing about not killing the circuit above is that the circuit
 will recover once the number of streams goes below the threshold.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
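
The trade-off between the two proposed switches can be seen in a small model. This is an added example, not part of the original message and not Tor source code: the struct, the function names and the cap of 10 streams are constructed for illustration, and the two fields only stand in for `HiddenServiceMaxStreams` and `HiddenServiceMaxStreamsCloseCircuit`.

```c
/* Toy model of a per-circuit stream cap; added illustration, not Tor source. */
#include <stdbool.h>
#include <stdio.h>
typedef enum { CELL_BEGIN, CELL_END } cell_type_t; /* stand-ins for RELAY_BEGIN / RELAY_END */

typedef struct {
  int max_streams;               /* models HiddenServiceMaxStreams (0 = no cap) */
  bool close_on_limit;           /* models HiddenServiceMaxStreamsCloseCircuit */
  int open_streams;
  bool closed;
  unsigned long cells_processed; /* cells the service still had to handle */
  unsigned long begins_refused;
} hs_circuit_t;

/* Handle one cell; returns true only if a new stream was opened. */
bool hs_circuit_handle_cell(hs_circuit_t *c, cell_type_t type) {
  if (c->closed)
    return false;                /* torn-down circuit: nothing left to process */
  c->cells_processed++;
  if (type == CELL_END) {
    if (c->open_streams > 0) c->open_streams--;
    return false;
  }
  if (c->max_streams > 0 && c->open_streams >= c->max_streams) {
    c->begins_refused++;
    if (c->close_on_limit) {     /* assumption: closing drops its streams too */
      c->closed = true;
      c->open_streams = 0;
    }
    return false;
  }
  c->open_streams++;
  return true;
}

/* Feed n BEGIN cells on one circuit; returns how many cells were processed. */
unsigned long hs_circuit_feed_begins(hs_circuit_t *c, unsigned long n) {
  for (unsigned long i = 0; i < n; i++)
    hs_circuit_handle_cell(c, CELL_BEGIN);
  return c->cells_processed;
}

int main(void) {
  hs_circuit_t ignore = { .max_streams = 10, .close_on_limit = false };
  hs_circuit_t close_it = { .max_streams = 10, .close_on_limit = true };
  printf("ignore: %lu cells processed\n", hs_circuit_feed_begins(&ignore, 10000));
  printf("close:  %lu cells processed\n", hs_circuit_feed_begins(&close_it, 10000));
  return 0;
}
```

In ignore mode every one of the 10k cells is still handled, while in close mode handling stops at the first cell over the cap, at the cost of the circuit not recovering.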

