[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]

To: tor-talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>, nachash@xxxxxxxxxxxxx
Subject: Re: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 9 Nov 2014 02:52:35 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 09 Nov 2014 05:52:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ESbqI9tQxE3n6ubvVH+kXzz2zB7/kmhfa2eCIwanRNU=; b=xD5CiLQ2nxZpv6ebbyPc73VPjIyq72mF12u3OfS8j6qJdyYunAZJa61soGVN4+dc8f ayfNosKguS0kEsk5PehxXvx4wnrvmiin1UMnrzAYo89zGhrC0Fr+2xmglUqtEz4xGcF+ tIBgRuF4mgFK23hjQl7rgyaqGZs2pMpIsyII5Ffn3WOcM1Vj3rHSX9eGrmHxLevyPJgt a8rXzhlfdrWYEGWsZLOS+S1F6cBQJ/6lj1d0rctELMFZMnML2w5YexyXFyOUQZ0KTY8a ksbFaA0PNpavMd2gLvU8ZQH4T9QeSx5MRgWHxLY62pHko23VkrzhaLlFo3tlDkjGfmb0 mTwQ==
In-reply-to: <CAJVRA1Qc_oDPMyiTKKETqqRrWkTK3j8qwi37ELhOk2xVTyvxqg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAJVRA1Qc_oDPMyiTKKETqqRrWkTK3j8qwi37ELhOk2xVTyvxqg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 11/9/14, coderman <coderman@xxxxxxxxx> wrote:
> ...
> Andrea's distribution shows this type of behavior, as i would expect it:
> https://people.torproject.org/~andrea/loldoxbin-logs/analysis/length_distribution.txt
> e.g. send small bits to keep connection active and not closed by
> server side client send timeouts, then around 900-1000 chars call it
> good and finalize the request.

your ConstrainedSockets experiments are exactly what i would expect to
see if this technique were used, since reducing socket buffers would
allow you to have more concurrent connections open (and thus thwart a
DoS at lower limits).

note that the next level of breakage might show up at file descriptor
limits in processes like Tor or your Nginx server.  ulimits tuning
also suggested. (i like to use 32-64k as soft limit for all processes
on a server by default, and 0.25mm for front-end proxies running
Nginx/HAProxy or related services.)

last but not least, if you are pushing to extreme levels of
concurrence, be sure to disable CONNTRACK in iptables/xtables.

(or use an OS that has better performance with filtering
infrastructure, per the platform diversity thread active here the last
few days)

best regards,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
  - From: coderman

References:
- [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
  - From: coderman

Prev by Author: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
Next by Author: Re: [tor-talk] Operation Onymous against hidden services, most DarkNet markets are down
Previous by thread: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
Next by thread: Re: [tor-talk] insufficient hidden service performance is potential de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
Index(es):
- Author
- Thread