[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Does a design document for the DoS subsystem exist?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Does a design document for the DoS subsystem exist?
From: Lennart Oldenburg <lennart.oldenburg@xxxxxxxxxxxxxxxx>
Date: Thu, 9 Apr 2020 18:58:30 +0200
Cc: Günes Acar <Gunes.Acar@xxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 09 Apr 2020 13:01:14 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0

Hi all,

We are investigating how Tor protects itself against Denial-of-Service
(DoS) attacks. So far, it has been difficult to find a comprehensive
top-level design document for the DoS subsystem (e.g., a torspec or
proposal) that reflects the decisions that lead to the subsystem in its
current form.

Specifically, we are looking at the DoS mitigation subsystem code for
entry guards at src/core/or/dos.{h,c} [1]. We are trying to understand
the chosen countermeasures and how the default and current consensus
values came to be, e.g., the decision to limit to 3 circuits per second
after the initial burst.

1) Could you kindly point us in the right direction if any such document
exists?

2) If it does not exist, would you mind briefly explaining how the DoS
threshold values (such as DoSCircuitCreationMinConnections,
DoSCircuitCreationRate, DoSCircuitCreationBurst, and
DoSConnectionMaxConcurrentCount) were chosen?

Thank you very much in advance.

Kind regards

Lennart Oldenburg
KU Leuven

[1] https://gitweb.torproject.org/tor.git/tree/src/core/or/dos.c
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Does a design document for the DoS subsystem exist?
  - From: George Kadianakis

Prev by Author: Re: [tor-dev] Does a design document for the DoS subsystem exist?
Next by Author: [tor-dev] Proposal XXX: FlashFlow: A Secure Speed Test for Tor (Parent Proposal)
Previous by thread: [tor-dev] Walking onions status update: week 5 notes
Next by thread: Re: [tor-dev] Does a design document for the DoS subsystem exist?
Index(es):
- Author
- Thread