[tor-bugs] #29919 [Core Tor/Tor]: Tor DOS attack help, can a dev take this seriously please?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 27 13:06:28 UTC 2019


#29919: Tor DOS attack help, can a dev take this seriously please?
--------------------------+---------------------------
 Reporter:  HelpDOS       |          Owner:  (none)
     Type:  defect        |         Status:  closed
 Priority:  Very High     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:  duplicate
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------------
Changes (by asn):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Replying to [comment:6 HelpDOS]:
 > I don't know enough about how Tor works to diagnose any further than I
 already have, with the lack of relevant errors/warnings in any of the logs
 could it be that he is attacking the introduction points? I read some
 possible issues for DoS attacks listed in the OnionBalance docs and their
 explanation of a "Complex Mode", which seems like it could resolve this,
 however no other references to how to enable that, I am assuming it hasn't
 yet been implemented.
 >
 > https://onionbalance.readthedocs.io/en/latest/design.html#complex-mode
 >
 > If it is currently available, that could be worth us trying but I don't
 know how to enable it.
 >
 > This stuck out to me "An onion service instance may rapidly rotate its
 introduction point circuits when subjected to a Denial of Service attack.
 An introduction point circuit is closed by the onion service when it has
 received max_introductions for that circuit. During DoS this circuit
 rotating may occur faster than the management server polls the HSDir
 system for new descriptors. As a result clients may retrieve master
 descriptors which contain no currently valid introduction points." under
 the Basic mode limitations listed here:
 > https://onionbalance.readthedocs.io/en/latest/design.html#limitations
 >
 > Could that relate to the "Server not found" error shown within Tor
 Browser? When researching that, it is often related to DNS issues in
 Firefox.


 Greetings HelpDOS and sorry for the troubles you are facing.

 I'm gonna close this ticket since it's a duplicate of #29607. It's not
 because we don't care about the issue, but more about keeping things
 organized and not splitting info over multiple tickets.

 Sorry for not being swift and responsive on this, but we are very low on
 resources right now since we are closing one grant (#28634) and we are
 about to jump to the next one. The good news is that the next grant is
 about onion services and we will have lots of time to look at issues like
 this. It's just that now we are completely out of time.

 Anyhow, I've been inspecting logs in my spare time and will try to write
 anything useful I find  in #29607.

 PS: I don't think that onionbalance complex mode will help here, but I
 still have not deduced the root of the issue. If you want to experiment
 with it, let me know how it went.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29919#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list