[tor-bugs] #19984 [Core Tor/Tor]: Use a better set of comparison/evaluation functions for deciding which connections to kill when OOS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 15 04:39:36 UTC 2017
#19984: Use a better set of comparison/evaluation functions for deciding which
connections to kill when OOS
--------------------------+------------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: accepted
Priority: High | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: dos, sockets | Actual Points:
Parent ID: | Points: 2
Reviewer: | Sponsor: SponsorV-can
--------------------------+------------------------------------
Comment (by Hello71):
in other words, it's impossible to, using netblocks only, distinguish
between "real" clients behind some mobile network's carrier-grade NAT and
a bunch of regular clients on a VPS somewhere.
hm... upon further consideration though, perhaps it would be possible to
use a memory-hard proof of work algorithm here. even phones under $100
have at least 2 GB of RAM, so completing an occasional 1 GB POW should
only momentarily slow the device. should be easy on battery life too,
unlike a CPU POW. I did a quick calculation and an attacker would need s =
cfn, where s is the required server RAM, c is the challenge difficulty, f
is the frequency, and n is the number of connections to be held, and if c
= 1 GB * 3 sec, f = 1/10 min, n = 200, then s = 1 GB, or around $5/month
per 200 connections, which seems sufficiently expensive to deter this
particular attack. however, there are a number of downsides to this plan.
not only does it require additional protocol design (time which could be
spent doing something else, like IPv6 support), I hear the iOS Tor people
are limited to 15 MB, so even if the device has 10 GB of RAM that won't
help. I figure "you must reopen the Tor app every ten minutes to maintain
your connection" is not a good solution.
hm... perhaps we could use both: clients that require long-running
connections for things like IRC must submit proofs of work (either CPU or
memory), and iOS clients just have to live with occasionally re-
establishing their connections if the relay is under DoS.
regardless, in the short to medium term, we should probably implement the
bandwidth method. this latest surge in fake clients has noticeably
increased number of "users": https://metrics.torproject.org/userstats-
relay-country.html?start=2017-12-01&end=2017-12-15&country=all&events=on.
fortunately, performance has not yet been seriously affected, but it is
plausible that they will get more servers online and the curve will
continue going up.
in terms of implementation, is it correct that right now, only OR
connections count recent traffic?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19984#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list