[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Help setting up tor dos defense

On 07 Jan (15:38:46), s7r wrote:
> David Goulet wrote:
> > Tor relays supporting the HS DoS defense (intro points) at this point in time
> > are not in majority. Basically >= relays do support it which
> > currently represents ~36% in bandwidth weight so roughly 1/3 of the network.
> > 
> > If a service enables the defenses (like you did above), it will NOT
> > specifically pick intro points supporting the defenses but will normally pick
> > intro points as it did before and _if_ they happen to support the HS defenses
> > (via protocol version "HSIntro=5"), then they are used. Yes, I agree, not
> > ideal but there is a valid reason.
> > 
> > This is in part to prevent partitionning onion services using the HS defenses
> > to a specific set of relays (those who support it). Bottom line is: if the set
> > of relays that can only be used by an onion service is reduced, attack surface
> > gets bigger.
> > 
> > As the relay in the network upgrades to latest stables, the network naturally
> > move towards supporting these defenses in majority. This is another
> > _extremely_ important reason why relay operators should stay up to date with
> > their tor application so the network can be more agile in deploying defenses
> > and improvements.
> > 
> Sure - the best move to prevent onion services partitioning using this
> HS defense. However, there is something unclear I'd like to understand.
> From the manual:
> **HiddenServiceEnableIntroDoSDefense** **0**|**1**::
> Enable DoS defense at the intropoint level. When this is enabled, the
> rate and burst parameter (see below) will be sent to the intro point
> which will then use them to apply rate limiting for introduction request
> to this service.
> The introduction point honors the consensus parameters except if this is
> specifically set by the service operator using this option. The service
> never looks at the consensus parameters in order to enable or disable
> this defense. (Default: 0)
> So the service hosting the HS does not look at this consensus param.
> Right now e do not have a consensus  param for this at all, but what
> will happen if the directory authorities will vote this consensus param
> as HiddenServiceEnableIntroDoSDefense 1? In this case, the introduction
> points will see that, and use the default values of 25 introductions per
> second with a burst of 200 / sec. In this case, if a HS operator wants
> to _disable_ this protection totally, he should set
> HiddenServiceEnableIntroDoSRatePerSec 0 which according to the manual:
> "If this option is 0, it is considered infinite and thus if
> **HiddenServiceEnableIntroDoSDefense** is set, it then effectively
> disables the defenses."?

Correct. A burst or rate that is 0 or crossing the upper limit, the intro
point will disable the defenses because the parameters received are unusable,
it does not fallback to the defaults.

The good news is that the torrc config parser should prevent you from putting
insane values but at the protocol level, it is still possible of course.

> Or should he just set HiddenServiceEnableIntroDoSDefense 0, which is
> already 0 by default for _services_?  (this is the confusing part).

Just setting "HiddenServiceEnableIntroDoSDefense 0" is enough to disable the
defense even if the consensus set it to 1.

The intro point always use what the service specifies. If nothing present,
then the consensus param is used.

So for the case that the service sets "HiddenServiceEnableIntroDoSDefense 0",
then that value is sent to the intro point indicating to disable the defense.

Hope this answer your question


Attachment: signature.asc
Description: PGP signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to