[tor-bugs] #29607 [Core Tor/Tor]: 2019 Q1: Denial of service on v2 and v3 onion service

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 27 14:02:50 UTC 2019 

#29607: 2019 Q1: Denial of service on v2 and v3 onion service
--------------------------+-------------------------------
 Reporter:  pidgin        |          Owner:  pidgin
     Type:  defect        |         Status:  accepted
 Priority:  Immediate     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:  Sponsor27-can
--------------------------+-------------------------------

Comment (by asn):

 Replying to [comment:38 HelpDOS]:
 > Replying to [comment:37 asn]:
 > > Replying to [comment:36 HelpDOS]:
 > > > Replying to [comment:35 asn]:
 > > > > Closed #29919 as a duplicate for this one. More info over there.
 > > >
 > > > Hi asn,
 > > >
 > > > Understandable why you closed my ticket, at a point of desperation
 and just hoping someone will take real interest in looking into this.
 Which is why I am able to offer access to a server that is currently being
 attacked. I believe I saw a chat log of you first discussing complex mode
 in 2015 for OnionBalance. Do you have any links for how to enable
 it/configure it? I am going to try it out to see if it is a resolution for
 this, with the theory of introduction points being attacked.
 > > >
 > > > Thank you.
 > >
 > > Hey, I just remembered that complex mode was never implemented for
 onionbalance, because it was harder to implement and we thought there was
 no real use for it.
 > >
 > > I'm not currently interested (or have the time) to get access to a
 server that is under attack.
 > >
 > > I think the most useful thing right now would be to have more logs
 that display the attack. I want debug or info logs that last for 1-2 hours
 of the attack and display the whole Tor lifetime (from startup to
 shutdown). Please sanitize them correctly (make sure that guard names and
 onion names are not visible).
 > >
 > > Same for vanguard logs on debug or info if you use vanguards.
 >
 > I will provide you with any logs I can later today. Could you please
 send a full list of anything that could help in debugging just to make
 sure you have everything relevant? Thank you

 Hm. It would be great if we could have all debug logs from Tor startup to
 Tor shutdown. Please scrub the names of your primary guards and your onion
 address and anything else that might seem pervasive, but please try to not
 destroy the accuracy of the logs (by double-pasting or removing
 surrounding lines).

 Another thing that might be helpful would be to try with a blank
 '''state''' file so that Tor discards any previous circuit timeouts and
 performance measurements etc. (you can find the state file in your data
 directory. please don't delete it, just backup it somewhere else so that
 you can then restore it).

 Furthermore, it would be cool if we knew exactly when Tor tops up to 100%
 CPU. Will it happen immediately? When will it happen? I would like to
 correlate the time with the log lines. But if that's too much to track,
 just do all the rest well and it should be OK.

 Again, I cannot guarantee that such a log file will result in us instantly
 solving the problem, but it might move us forward.

 Cheers.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29607#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list