[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 18 12:57:03 UTC 2018
#24902: Denial of Service mitigation subsystem
----------------------------------------------+----------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay, review-group-30 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+----------------------------
Comment (by asn):
OK I did a basic review of the code and the design.
I think the current code complexity stems from the slot/bucket design, and
splitting the time periods into slots, marking them, and assessing the
circuits based on slots. I think without the slot system the logic could
be as simple as:
{{{
-> for every new circuit of this IP, nr_of_circuits++;
-> every N seconds, reset nr_of_circuits for this IP.
if (nr_of_circuits > magic_number) {
return DROP;
}
return GOOD;
}}}
I understand that the slot design can eventually allow us to even block
attackers with a single connection while allowing normal clients to do
circuits bursts, but I'm questioning whether the complexity is worth it.
Furthermore, it's possible that the slot system can be exploited by
attackers, by really going all out during some 30 second slots, and
staying more chill for the rest of them, and still getting a pass for the
entire time period.
If we kill the slot system, we will get a '''very''' simple system but it
will be less versatile, and we will need to have a bigger `magic_number`
to be able to keep our false positives at a reasonable rate.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list