[tor-bugs] #29919 [Core Tor/Tor]: Tor DOS attack help, can a dev take this seriously please?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 27 12:31:46 UTC 2019 

#29919: Tor DOS attack help, can a dev take this seriously please?
--------------------------+------------------------
 Reporter:  HelpDOS       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Very High     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------
Changes (by HelpDOS):

 * keywords:  tor-dos tor-hs =>
 * sponsor:  Sponsor27-can =>


Comment:

 I don't know enough about how Tor works to diagnose any further than I
 already have, with the lack of relevant errors/warnings in any of the logs
 could it be that he is attacking the introduction points? I read some
 possible issues for DoS attacks listed in the OnionBalance docs and their
 explanation of a "Complex Mode", which seems like it could resolve this,
 however no other references to how to enable that, I am assuming it hasn't
 yet been implemented.

 https://onionbalance.readthedocs.io/en/latest/design.html#complex-mode

 If it is currently available, that could be worth us trying but I don't
 know how to enable it.

 This stuck out to me "An onion service instance may rapidly rotate its
 introduction point circuits when subjected to a Denial of Service attack.
 An introduction point circuit is closed by the onion service when it has
 received max_introductions for that circuit. During DoS this circuit
 rotating may occur faster than the management server polls the HSDir
 system for new descriptors. As a result clients may retrieve master
 descriptors which contain no currently valid introduction points." under
 the Basic mode limitations listed here:
 https://onionbalance.readthedocs.io/en/latest/design.html#limitations

 Could that relate to the "Server not found" error shown within Tor
 Browser? When researching that, it is often related to DNS issues in
 Firefox.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29919#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list