[tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 9 16:43:08 UTC 2018
#27921: apparent DOS / impairment-of-service against FallbackDirs using DIR
requests, please evaluate for possible mitigation
--------------------------+------------------------------------
Reporter: starlight | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version: Tor: 0.3.4.1-alpha
Severity: Normal | Resolution:
Keywords: tor-dos | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by starlight):
Replying to [comment:11 teor]:
> But descriptors only change once an hour on directory mirrors, because
mirrors don't fetch new descriptors until they get a new consensus. So
this probably isn't helping them at all.
Had to check this and (of course) you are correct. I suppose then this is
a hacked bit of bot code written by lazy untalented malware authors that
don't understand descriptor documents with particular hashes never change,
are easily cached, that only requests for new unknown digests are
necessary. Doubt it's old daemon code because the original DIR port
blocker was effective for six months before the bot was modified to employ
OR-port BEGIN_DIR circuits.
Or perhaps the purpose here actually is low-grade harassment of the
network.
The theory will be supported if it morphs to a different form of DIR
abuse, at which time I'll enhance the DIR service object to log IPs
issuing excessive requests and have the existing iptables blocker script
trigger off that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27921#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list