[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections

Subject: Re: [tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 16 May 2015 19:20:16 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 16 May 2015 15:20:28 -0400
In-reply-to: <043.be601ca0a8f7521c114f2fd033cf8772@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.be601ca0a8f7521c114f2fd033cf8772@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16052: Hidden service socket exhaustion by opening many connections
------------------------+------------------------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs dos SponsorR SponsorU
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------------------

Comment (by TvdW):

 In general DoSes and DDoSes can be mitigated by making sure the server has
 more capacity than the client. From these follow my two suggestions :

  * Donncha's summer of privacy project (to allow load balancing HSes)
 would allow server owners to just add more servers to the HS.
  * Introducing a Hashcash (proof-of-work) based system into HS connections
 should significantly decrease client capacity. This would ensure that the
 attacker needs significantly more hardware than the HS hoster. Of course
 it's important that the hashcash settings are tunable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16052 [Tor]: Hidden service DoS by hammering RELAY_BEGIN
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #16057 [Tor Browser]: mention overwriting of NoScript settings when security level is changed
Next by Author: Re: [tor-bugs] #4700 [Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits (was: Tor should provide a mechanism for hidden services to differentiate authorized clients.)
Previous by thread: Re: [tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections (was: Hidden service DoS by hammering RELAY_BEGIN)
Next by thread: Re: [tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections
Index(es):
- Author
- Thread