[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 16 15:32:03 UTC 2018
#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:2 cypherpunks]:
> This seems like it may highly stress/kill off as well relays with old
> Tor versions when the DDoSers change their guard (due to this patch) and
> it eventually settles at some relay with an old Tor version.
Yes, that is one of the worries I do have. However, this circuit creation
mitigation defense silently drops cells on a created circuit. In other
words, clients will open circuits on the Guard and the Guard returns
CREATED as a response so the client thinks it is valid and thus sends a
bunch of cells that are silently dropped by the Guard at that point.
I believe this makes the client not switch Guard and just keep sending
stuff to the void. So the big Guard will soak up the load instead of
spreading it out.
Not perfect but a first step towards better defense.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online