[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status:
| needs_review
Priority: Very High | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay, review-group-30, | Actual Points:
029-backport, 031-backport, 032-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:17 dgoulet]:
> ...
> > I think we should add two more Tor2web defenses managed by a
consensus parameter:
>
> Thanks teor for this, I 100% agree with you. What I'm wondering here is
if we should take the time to also implement these and backport them or
for now we only put in the RP one (which I think the worst one because
clients do open the RP before doing the introduction) and put the others
in 034+ ? If the later, I propose we open a new ticket for this "anti DoS
+ tor2web" issue because also at that point, if we end up with relays just
denying direct client connections for HS purposes, we should start
considering strongly to rip off the tor2web code from Tor. I won't start a
"why do that discussion" in this ticket.
Do we know if the extra load is bringing down HSDirs?
(The fetch creates more load, but HS descriptors are cached by clients.)
Let's open separate tickets for 0.3.4 for blocking Tor2web HSDir and
Intro. And we should think about backporting the HSDir defence, because we
will want it if the load gets worse.
We might also want to block single onion / Tor2web intros and rendezvous
by default, and backport the code for security. The existing tickets are
#22688 and #22689.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs