[tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 7 00:08:10 UTC 2018


#27921: apparent DOS / impairment-of-service against FallbackDirs using DIR
requests, please evaluate for possible mitigation
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  enhancement   |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dos       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by starlight):

 next above will not work because several other configuration elements
 implicitly activate caching of full descriptors

 does any reason exist why I should not modify the daemon to reject
 individual descriptor queries?  seems to me relays pull "all"; I know that
 my scripts do

 either that or I will have the daemon log requesting IPs and feed them to
 scripts written to block the botnet when it came in via plaintext DIR port

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27921#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list