[tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation

[Tor Bug Tracker & Wiki]

#27921: apparent DOS / impairment-of-service against FallbackDirs using DIR
requests, please evaluate for possible mitigation
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  enhancement   |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dos       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by starlight):

 Replying to [comment:9 teor]:
 . . .
 > I wonder if this is a bug in Tor. If it is, it seems to affect relays
 (or old clients). Are the addresses making these requests in the consensus
 as relays?

 Seems to me it's some actor with a dubious agenda.  They pull uncompressed
 full descriptors at a ridiculous rate from several stable relays, mine
 included.  Perhaps they are trying to detect changes with little or no
 delay, perhaps they are simply causing trouble the way the circuit extend
 idiots were (same idiots, likely as not).  Requests all originate from
 direct attached clients, a pool of rotating IPs in South America an SE
 Asia--botnet if you ask me.

 I have lists of IPs from the iptables blocker that was working early this
 year if you are interested.  Today I observed the connections serving the
 requests generally have back-pressure and standing send-Q bytes, the IPs
 appear similar to when the requests arrived via DIR port.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27921#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online