[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 19 15:43:49 UTC 2018


#24902: Denial of Service mitigation subsystem
----------------------------------------------+----------------------------
 Reporter:  dgoulet                           |          Owner:  dgoulet
     Type:  enhancement                       |         Status:  accepted
 Priority:  Medium                            |      Milestone:  Tor:
                                              |  0.3.3.x-final
Component:  Core Tor/Tor                      |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30  |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+----------------------------
Changes (by dgoulet):

 * status:  needs_revision => accepted


Comment:

 Moving this back to "accepted" since a lot will change after IRC
 discussions. The new and hopefully simpler design is this now:

 1. Have a circuit token bucket per-IP which is refilled with some value at
 some rate defined by consensus parameters. Remove a token from the bucket
 every time a CREATE is seen. If the bucket goes down to 0, activate the
 defense if the number of concurrent connections is above a certain
 threshold defined by a consensus parameter.

 2. Detect a high amount of connections per-IP and start closing
 connections for that IP if that reaches a too high threshold specified by
 a consensus parameter.

 3. Add a torrc option and/or consensus parameter to refuse client
 connections with ESTABLISH_RENDEZVOUS or, in other words, an anti-tor2web
 option at the relay. These have been observed to be quite problematic as
 people are running hundreds (if not thousands) of tor2web clients scanning
 the onion space. As collateral damage, it is loading relays with
 connections for rendezvous circuits. We could easily integrate that option
 with a certain threshold of parallel connections like "if I see 10 conn on
 that IP doing RDV, block".

 I'm working on the new code for this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
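Added example, not Tor's code and not from the ticket: a C sketch of the per-IP circuit token bucket described in item 1 of the comment above, with the defense activated only when the bucket runs dry and the IP's concurrent connection count is above the threshold. The struct and function names, the parameter names and the sample values are all assumptions for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Consensus-parameter stand-ins; names and values are assumptions. */
typedef struct {
  uint32_t circ_rate;      /* tokens added to the bucket per second */
  uint32_t circ_burst;     /* bucket capacity (maximum tokens) */
  uint32_t conn_threshold; /* defend only above this many concurrent conns */
} dos_params_t;

/* Per-IP state; in a relay this would hang off the client address map. */
typedef struct {
  uint32_t tokens;           /* circuit tokens remaining */
  uint64_t last_refill;      /* unix time (seconds) of the last refill */
  uint32_t concurrent_conns; /* open connections from this IP */
  bool marked;               /* defense active for this IP */
} dos_client_t;

void dos_client_init(dos_client_t *c, const dos_params_t *p, uint64_t now) {
  c->tokens = p->circ_burst;
  c->last_refill = now;
  c->concurrent_conns = 0;
  c->marked = false;
}

/* Refill with rate * elapsed seconds, capped at the burst. */
static void dos_refill(dos_client_t *c, const dos_params_t *p, uint64_t now) {
  if (now <= c->last_refill) return;
  uint64_t total = (uint64_t)c->tokens + (now - c->last_refill) * p->circ_rate;
  c->tokens = total > p->circ_burst ? p->circ_burst : (uint32_t)total;
  c->last_refill = now;
}

/* Called for every CREATE seen from this IP. Returns true when the defense
 * is active: the bucket ran dry while the IP holds more concurrent
 * connections than the threshold. Lifting the mark is not covered here. */
bool dos_on_create(dos_client_t *c, const dos_params_t *p, uint64_t now) {
  dos_refill(c, p, now);
  if (c->tokens > 0) {
    c->tokens--;
    return c->marked;
  }
  if (c->concurrent_conns > p->conn_threshold) c->marked = true;
  return c->marked;
}
```

Closing connections or refusing the offending circuits once `marked` is set is the relay's decision; this block only tracks the per-IP state that decides it.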
