Exit Balancing Patch

coderman coderman at gmail.com
Wed Jul 18 09:32:06 UTC 2007

On 7/18/07, Roger Dingledine <arma at mit.edu> wrote:
> On Wed, Jul 18, 2007 at 01:36:02AM -0700, Mike Perry wrote:
> > 1. Expand MAX_BELIEVABLE_BANDWIDTH from 1.5MBytes/sec to 10Mbytes/sec.
> ...
> It's true that this doesn't distribute load ideally, but putting the
> cap lower than some of the running routers can prevent an attacker from
> publishing a majority of absurdly fast routers and pushing every guard
> guard out of having guard status -- similar to the attack described
> in ...uptime-sanity-checking.txt

we were just discussing this today in #tor.  router "ghettogear"
consistently averaged 210-260KB/sec for weeks.  then on the 14th/15th
it went to 20.5MB/sec.  [likely too obvious] it then dropped to
6.1MB/sec; still enough to sit at the top of the node bw list (next
closest, blutmagie, is at 5.6MB/sec).

so defending against this kind of thing may be useful now, not just in
the future. :)

(also, there are only 32 nodes that are getting clipped right now at
1.5, so i don't see raising to 10 giving much improvement.)

> Actually, I just checked the code, and that attack works right now. :(
> We should consider modifying router_get_advertised_bandwidth() to cap
> its answer at MAX_BELIEVABLE_BANDWIDTH, so the smartlist we build in
> dirserv_compute_performance_thresholds() won't list the higher bandwidths.

does this mean that clipping prevents the attack inside
smartlist_choose_by_bandwidth, but the directory servers are still
exposed because of the way they compute thresholds, in turn affecting
guard / stable selection?

More information about the tor-dev mailing list