
[tor-dev] Does a design document for the DoS subsystem exist?



Hi all,

We are investigating how Tor protects itself against Denial-of-Service
(DoS) attacks. So far, it has been difficult to find a comprehensive
top-level design document for the DoS subsystem (e.g., a torspec or
proposal) that reflects the decisions that led to the subsystem in its
current form.

Specifically, we are looking at the DoS mitigation subsystem code for
entry guards at src/core/or/dos.{h,c} [1]. We are trying to understand
the chosen countermeasures and how the default and current consensus
values came to be, e.g., the decision to limit to 3 circuits per second
after the initial burst.

1) Could you kindly point us in the right direction if any such document
exists?

2) If it does not exist, would you mind briefly explaining how the DoS
threshold values (such as DoSCircuitCreationMinConnections,
DoSCircuitCreationRate, DoSCircuitCreationBurst, and
DoSConnectionMaxConcurrentCount) were chosen?

Thank you very much in advance.

Kind regards

Lennart Oldenburg
KU Leuven

[1] https://gitweb.torproject.org/tor.git/tree/src/core/or/dos.c
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev