[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 09 Nov 2018 16:43:08 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Nov 2018 11:43:18 -0500
In-reply-to: <049.95bb9ac7ae08ca47fab639f649a1d803@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.95bb9ac7ae08ca47fab639f649a1d803@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#27921: apparent DOS / impairment-of-service against FallbackDirs using DIR
requests, please evaluate for possible mitigation
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  enhancement   |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dos       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by starlight):

 Replying to [comment:11 teor]:
 > But descriptors only change once an hour on directory mirrors, because
 mirrors don't fetch new descriptors until they get a new consensus. So
 this probably isn't helping them at all.

 Had to check this and (of course) you are correct.  I suppose then this is
 a hacked bit of bot code written by lazy untalented malware authors that
 don't understand descriptor documents with particular hashes never change,
 are easily cached, that only requests for new unknown digests are
 necessary.  Doubt it's old daemon code because the original DIR port
 blocker was effective for six months before the bot was modified to employ
 OR-port BEGIN_DIR circuits.

 Or perhaps the purpose here actually is low-grade harassment of the
 network.

 The theory will be supported if it morphs to a different form of DIR
 abuse, at which time I'll enhance the DIR service object to log IPs
 issuing excessive requests and have the existing iptables blocker script
 trigger off that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27921#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #28382 [Core Tor/Tor]: Update bandwidth file headers in dir-spec
Next by Author: Re: [tor-bugs] #28286 [Core Tor/Tor]: Missing header in freespace.c when building for Android
Previous by thread: Re: [tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation
Next by thread: Re: [tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation
Index(es):
- Author
- Thread