[tor-dev] Does a design document for the DoS subsystem exist?
Lennart Oldenburg
lennart.oldenburg at esat.kuleuven.be
Thu Apr 9 16:58:30 UTC 2020
Hi all,
We are investigating how Tor protects itself against Denial-of-Service
(DoS) attacks. So far, it has been difficult to find a comprehensive
top-level design document for the DoS subsystem (e.g., a torspec or
proposal) that reflects the decisions that lead to the subsystem in its
current form.
Specifically, we are looking at the DoS mitigation subsystem code for
entry guards at src/core/or/dos.{h,c} [1]. We are trying to understand
the chosen countermeasures and how the default and current consensus
values came to be, e.g., the decision to limit to 3 circuits per second
after the initial burst.
1) Could you kindly point us in the right direction if any such document
exists?
2) If it does not exist, would you mind briefly explaining how the DoS
threshold values (such as DoSCircuitCreationMinConnections,
DoSCircuitCreationRate, DoSCircuitCreationBurst, and
DoSConnectionMaxConcurrentCount) were chosen?
Thank you very much in advance.
Kind regards
Lennart Oldenburg
KU Leuven
[1] https://gitweb.torproject.org/tor.git/tree/src/core/or/dos.c
More information about the tor-dev
mailing list