Re: [tor-talk] Strange Vanguards behavior? And some related questions!

On 12/21/19 4:00 AM, hikki@xxxxxxxxxxxxx wrote:
> I tried the Vanguards add-on, with all settings set to default.
> Question 1:
> But the first time I started tor with this add-on enabled, it connected to no
> less than 21 entry nodes! Most of these connections died out after a certain
> amount of time. But still, is this normal behavior?

Without more details this is hard to say. Was this a first-start of the
Tor client, or was it offline for a long time?

These connections might be directory mirror fetches unrelated to
vanguards. If Tor's consensus is stale or non-existent, it will
bootstrap from these mirrors instead of dirauths.

After this phase, a steady-state vanguards Tor client should use only
two Tor network connections. If this is not the case, please file a
ticket on github at https://github.com/mikeperry-tor/vanguards/issues.

> Question 2:
> If you limit the `circ_max_megabytes` option in the Bandguards module,
> will that work as some kind of DoS protection?

This is unclear. You can see some details at an attempt at this here:

I think it won't be as helpful as other rate limiting solutions that
have already been merged to Tor:

But that fix may not drastically improve things yet either. More
complete HS DoS fixes are still in the works, and require significant
Tor protocol upgrades.

> Question 3:
> When, approximately, will we see the Vanguards add-on in the Tor source?

This will be a long project. The vanguards addon has many
sub-components, some of which still require more research and analysis
wrt false positives and reliability effects, and some may be
deprecated/altered by future changes such as conflux (multipath Tor
circuits). Overall timeline could be multiple years. This is why we put
the effort into getting the addon itself well-tested, included in
Debian, etc.

Of all the defenses, the Proposal #247 multi-layer guards sub-component
is closest to being ready for inclusion in Tor itself in terms of being
well-understood, but even this piece by itself is a large engineering
effort that currently has no funding to complete.

Mike Perry
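
Added example, not part of the message above and not code from the vanguards project: a small check of the "only two Tor network connections" steady-state figure against the text of a `GETINFO orconn-status` control-port reply. The relay names, fingerprints and both sample replies are constructed, and the function names are hypothetical.

```python
import re

# One entry of a "GETINFO orconn-status" reply: "<target> <status>".
# The optional prefix covers the single-line "250-orconn-status=..." form.
ORCONN = re.compile(r"^(?:250[-+]orconn-status=)?(\S+)\s+"
                    r"(NEW|LAUNCHED|CONNECTED|FAILED|CLOSED)$")
EXPECTED_STEADY_STATE = 2  # figure stated in the reply above

def parse_orconn_status(reply):
    """Return (target, status) pairs, ignoring framing and malformed lines."""
    pairs = []
    for line in reply.splitlines():
        m = ORCONN.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def check_steady_state(reply, expected=EXPECTED_STEADY_STATE):
    """Summarise open OR connections and how many exceed the expected count."""
    pairs = parse_orconn_status(reply)
    connected = [t for t, s in pairs if s == "CONNECTED"]
    pending = [t for t, s in pairs if s in ("NEW", "LAUNCHED")]
    return {"connected": connected, "pending": pending,
            "excess": max(0, len(connected) - expected)}

def _relay(i):
    # Constructed placeholder identity, not a real relay fingerprint.
    return "$" + format(i, "040X") + "~example%d" % i

# Constructed sample replies (not captured from a real client).
BOOTSTRAP_REPLY = "\n".join(
    ["250+orconn-status="]
    + [_relay(i) + " CONNECTED" for i in range(1, 6)]
    + [_relay(6) + " LAUNCHED", ".", "250 OK"])
STEADY_REPLY = "\n".join(
    ["250+orconn-status=", _relay(1) + " CONNECTED",
     _relay(2) + " CONNECTED", ".", "250 OK"])

if __name__ == "__main__":
    for name, reply in (("bootstrap", BOOTSTRAP_REPLY), ("steady", STEADY_REPLY)):
        r = check_steady_state(reply)
        print(name, "connected:", len(r["connected"]),
              "pending:", len(r["pending"]), "excess:", r["excess"])
```

A non-zero `excess` shortly after startup matches the directory-mirror explanation in the reply; the count is only meaningful once bootstrapping has finished.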
