[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]

On 11/9/14, coderman <coderman@xxxxxxxxx> wrote:
> ...
> Andrea's distribution shows this type of behavior, as i would expect it:
> https://people.torproject.org/~andrea/loldoxbin-logs/analysis/length_distribution.txt
> e.g. send small bits to keep connection active and not closed by
> server side client send timeouts, then around 900-1000 chars call it
> good and finalize the request.

your ConstrainedSockets experiments are exactly what i would expect to
see if this technique were used, since reducing socket buffers would
allow you to have more concurrent connections open (and thus thwart a
DoS at lower limits).

note that the next level of breakage might show up at file descriptor
limits in processes like Tor or your Nginx server.  ulimits tuning
also suggested. (i like to use 32-64k as soft limit for all processes
on a server by default, and 0.25mm for front-end proxies running
Nginx/HAProxy or related services.)

last but not least, if you are pushing to extreme levels of
concurrence, be sure to disable CONNTRACK in iptables/xtables.

(or use an OS that has better performance with filtering
infrastructure, per the platform diversity thread active here the last
few days)

best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to