[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections (was: Hidden service DoS by hammering RELAY_BEGIN)
#16052: Hidden service socket exhaustion by opening many connections
------------------------+------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-hs dos SponsorR SponsorU
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Changes (by nickm):
* keywords: tor-hs dos => tor-hs dos SponsorR SponsorU
Comment:
Not a very sophisticated attack; this is the kind of port/fd exhaustion
thing that ought to work against any webserver. (RELAY_BEGIN is to Tor
approximately as SYN is to TCP: welcome to the 1990s.)
The only HS-specific wrinkles here are:
* We can't do IP-based filtering.
* We *can* do circuit-aware mitigations.
I like 'a' as an immediate countermeasure, especially with a configurable
limit. I like 'c' as a recommendation. Let me also suggest:
d) do something similar to our OOM prevention code, where when we run
low on sockets, we kill certain circuits and their connections based on
some reasonable metric.
e) think of some way to signal to the application which requests are
arriving on the same circuit as other requests.
f) just to be sure, we should try this on a test network with profiling
enabled to make sure there isn't some O(1) thing going on here in our own
code.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs