[tor-dev] Onion Service - Intropoint DoS Defenses

juanjo juanjo at avanix.es
Fri May 31 18:15:16 UTC 2019

Hello, can someone answer some questions I have about how this attacks work?

As far as I understand INTRODUCE2 cells are sent by Introduction Points 
directly to the Hidden Service. But this only happens after a Client 
sends the INTRODUCE1 cell to the Introduction Point.

Now the question is, do we allow more than 1 INTRODUCE1 per client 
circuit? If this is right, why? Or the attack is working because the 
client makes a new circuit/connection to the I.P. each time for sending 

On 31/5/19 14:21, David Goulet wrote:
> On 31 May (00:46:56), teor wrote:
>> Hi,
>>> On 30 May 2019, at 23:49, David Goulet <dgoulet at torproject.org> wrote:
>>> Over the normal 3 intro points a service has, it means 150 introduction
>>> per-second are allowed with a burst of 600 in total. Or in other words, 150
>>> clients can reach the service every second up to a burst of 600 at once. This
>>> probably will ring alarms bell for very popular services that probably gets
>>> 1000+ users a second so please check next section.
>> Do we know how many introduce cells are sent to popular services?
>> How can the operators of these services find out their current introduce rate?
> Yes good point.
> The only thing we have available is the heartbeat that should read like so:
>    log_notice(LD_HEARTBEAT,
>               "Our onion service%s received %u v2 and %u v3 INTRODUCE2 cells "
>               "and attempted to launch %d rendezvous circuits.",
>               num_services == 1 ? "" : "s",
>               hs_stats_get_n_introduce2_v2_cells(),
>               hs_stats_get_n_introduce2_v3_cells(),
>               hs_stats_get_n_rendezvous_launches());
> Those counters don't get reset so to get the rate one need to compare between
> two heartbeats (default is every 6h).
> Thus, if any big popular service out there (no need to give the .onion) can
> tell us the rate they see, it would be grand!
> Thanks!
> David
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190531/76bc6a6f/attachment.html>

More information about the tor-dev mailing list