Re: [tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:3 teor]:
> As I suggested privately, I believe the best defense against tor traffic
> via an exit is to count unauthenticated (client, bridge, onion service)
> and authenticated (public relay) connections separately.
Yes indeed, that part is missing. I'm not entirely sure why we should
track connections independently here; this DoS mitigation only tracks
client connections.
So basically, I think we could do this for this extra "Exit detection"
protection, which would be to check if it is a known digest and maybe also
check if we do have a matching non-client channel for the address. What do
you think?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs