[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 16 15:41:04 UTC 2018
#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:3 teor]:
> As I suggested privately, I believe the best defense against tor traffic
> via an exit is to count unauthenticated (client, bridge, onion service)
> and authenticated (public relay) connections separately.
Yes indeed, that part is missing. I'm not entirely sure why we should
track connections independently here; this DoS mitigation only tracks
client connections.
So basically, I think we could do this for this extra "Exit detection"
protection which would be to check if it is a known digest and maybe also
check if we do have a matching non-client channel for the address. What do
you think?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online