[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 15 21:29:38 UTC 2018


#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
 Reporter:  dgoulet          |          Owner:  dgoulet
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  ddos, tor-relay  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------------
Changes (by dgoulet):

 * status:  assigned => needs_review


Comment:

 I'm submitting today, for initial review, a branch that contains a basic
 skeleton of this subsystem and a DoS circuit creation mitigation feature.

 This is a draft of the design and I hope to get it in a MUCH BETTER format
 to put in `doc/` at some point if we want this:

 https://people.torproject.org/~dgoulet/volatile/ddos-design.txt

 A few things to mention.

 First, there are no unit tests because before doing so I wanted more
 opinions on the design, engineering and overall structure of the code.

 Second, this code has been running on my relay for ~4 days where more than
 330 IPs have been identified as malicious and for which cells are being
 dropped (which is the defense in place).

 Third, there could still be an issue with client traffic going through an
 Exit and back in the network, we need to address this or at least mitigate
 it as much as we can before we deploy.

 Fourth, this feature is disabled by default and I would expect that in
 normal circumstances, it won't be used at all. I see this as a way to help
 out in situations like the one we are in right now.

 Last thing, there is another possible mitigation with regard to the high
 number of concurrent TCP connections doing tor2web. We are seeing that at
 a high rate right now on the network (most likely scanning the "DarkWeb")
 but this branch is *NOT* about that but a detection/defense could take
 advantage of this code in many ways.

 See branch: `dgoulet/ddos_033_03`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

