[tor-bugs] #15516 [Core Tor/Tor]: Consider rate-limiting INTRODUCE2 cells when under load

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 19 17:07:31 UTC 2019


#15516: Consider rate-limiting INTRODUCE2 cells when under load
-------------------------------------------------+-------------------------
 Reporter:  special                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:  closed
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-dos, tor-hs, network-team-       |  implemented
  roadmap-july, nickm-merge                      |  Actual Points:
Parent ID:  #29999                               |         Points:  10
 Reviewer:  asn                                  |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:54 cypherpunks]:
 > I have deep concerns about this. It may not help against DoS at all, and
 > NACKing in reply rather than dropping may make it worse. Although there
 > are many of them, the bandwidth consumed by INTRODUCE2 cells is not the
 > main problem. The best defense in practice would likely be as described in
 > https://lists.torproject.org/pipermail/tor-dev/2019-May/013849.html, or
 > that, but modified so it's the service that drops them rather than the
 > intro point. That would allow current unmodified relays to be used as
 > intro points.

 Hello,

 as you say, we doubt that this attack will help restore availability to
 DoSed onion services. More about this on this old thread:
 https://lists.torproject.org/pipermail/tor-dev/2019-April/013790.html

 I also doubt that the NACK will make things worse for the health of the
 network since intro points were already sending an ACK anyway. And it will
 have no impact on the availability of the service either.

 Please see ticket #31223 for approaches that will improve availability of
 the service. Personally, while I'm cautiously open to PoW approaches, I
 doubt that they will help against a motivated adversary with a couple of
 GPUs, except if you also want only GPU clients to be able to visit the
 service. People who are experts on PoW have told me that they are pretty
 inelegant when it comes to DoS resistance. If you feel the opposite, feel
 free to run the numbers and let us know how it would work. Please use the
 mailing list for such discussions.

 In any case if you don't believe in this defence you can still disable it
 using #30924.

 Thanks! :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15516#comment:56>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
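The defense this ticket debates, an intro point that rate-limits the INTRODUCE2 cells it relays to the service and answers the client with a NACK rather than an ACK for each cell it discards, as an added C illustration that is not Tor's own code; the token-bucket parameters, the struct and function names, and the ACK/NACK enum are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed illustration of the #15516 defense: a token bucket bounds how
 * many INTRODUCE2 cells per second an intro point relays to the service.
 * Names and parameter values are assumptions, not Tor's own. */
enum intro_reply { INTRO_ACK = 0, INTRO_NACK = 1 };

struct intro_bucket {
  uint32_t rate;        /* tokens refilled per second (cells/sec) */
  uint32_t burst;       /* maximum tokens the bucket can hold */
  uint32_t tokens;      /* tokens currently available */
  uint64_t last_refill; /* wall-clock second of the last refill */
};

void intro_bucket_init(struct intro_bucket *b, uint32_t rate,
                       uint32_t burst, uint64_t now)
{
  b->rate = rate; b->burst = burst; b->tokens = burst; b->last_refill = now;
}

/* Refill tokens for each whole elapsed second, capped at the burst size. */
static void intro_bucket_refill(struct intro_bucket *b, uint64_t now)
{
  if (now <= b->last_refill) return;
  uint64_t added = (now - b->last_refill) * b->rate + b->tokens;
  b->tokens = (added > b->burst) ? b->burst : (uint32_t)added;
  b->last_refill = now;
}

/* One incoming INTRODUCE2 cell: relay it and ACK, or discard it and NACK.
 * Either way the intro point sends exactly one small reply, which is why
 * the NACK costs no more than the ACK it already sent before. */
enum intro_reply intro_bucket_handle_cell(struct intro_bucket *b,
                                          uint64_t now, bool *relayed)
{
  intro_bucket_refill(b, now);
  if (b->tokens > 0) { b->tokens--; *relayed = true; return INTRO_ACK; }
  *relayed = false;
  return INTRO_NACK;
}

/* Feed n cells arriving within the same second; return how many were relayed. */
uint32_t intro_bucket_simulate(struct intro_bucket *b, uint64_t now, uint32_t n)
{
  uint32_t relayed_count = 0; bool relayed;
  for (uint32_t i = 0; i < n; i++)
    if (intro_bucket_handle_cell(b, now, &relayed) == INTRO_ACK) relayed_count++;
  return relayed_count;
}
```

With a flood of 1000 cells in one second against a 25 cells/sec, 200-burst bucket, only the burst is relayed and the remaining 800 clients receive a NACK while the service never sees them.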