[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer

To: George Kadianakis <desnacked@xxxxxxxxxx>
Subject: Re: [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer
From: teor <teor@xxxxxxxxxx>
Date: Mon, 9 Dec 2019 12:12:55 +1000
Cc: Nick Mathewson <nickm@xxxxxxxxxxxxxx>, tor-dev@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Dec 2019 21:13:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1575857580; bh=3dyhr4C+LxXv6YYO48pS9ckG1ne6o3It99YdM1Tnp40=; h=From:Subject:Date:References:Cc:In-Reply-To:To:From; b=dw9z3EX2svbIN8kYcIi221AHIbjYFxhdjsMVALI9mpjTgmNE7qH6b9RtH6+qSZ01O 6xg1h+dRvh+HUu58PVrhXMc9XP3HT5WN6oFRKuHa/VJD65FcX9nDe67x6F2y/CoceI BARrAwWo1mYz+WsGwJQfdNATE5x9g2KMJXAu5s7A=
In-reply-to: <87immyrez1.fsf@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87immyrez1.fsf@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

There's also another negative we haven't considered:

> On 3 Dec 2019, at 00:16, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> 
> Negatives:
> 
> a) It's a dirty hotfix that blends the networking layers and might be annoying
>   to maintain in the long-term.
> 
> b) It only works for HTTP (and without SSL?).

c) We'll need to make sure that this defence can't be triggered accidentally,
   (or maliciously via request or response content), otherwise it turns into
   another way of triggering a DoS.

For example, if we searched for a custom string anywhere in the data stream,
then any page documenting that string would be unavailable.

T
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer
  - From: George Kadianakis

Prev by Author: [tor-dev] (No Subject)
Next by Author: Re: [tor-dev] Updates to Prop306: A Tor Implementation of IPv6 Happy Eyeballs
Previous by thread: Re: [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer
Next by thread: Re: [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer
Index(es):
- Author
- Thread