[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Constraining Ephemeral Service Creation in Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Constraining Ephemeral Service Creation in Tor
From: bancfc@xxxxxxxxxxxxxxx
Date: Wed, 28 Sep 2016 16:59:40 +0200
Cc: whonix-devel@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 28 Sep 2016 11:00:06 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1475074785; bh=7goyPzPnXPpPP/RDqCv9SWAWT7n1LCXL6aTl4cZK7mU=; h=Date:From:To:Cc:Subject:From; b=H8qkbtgEsz5FxL0/Z1dGcSzUsuEDfORqBeBMF+qTT9F9ENq2QBnKgkG8B+kAK+9vS 6qq1DxN0N8sFWigCqSBGb85TQD8h892l3V+uBYl4duq4NRLgO65tZeWHLlqwOBml3i oRz+I3VKMic02rhiYjjNo7lLaNOLVgpuleX8OTCM=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.6

Hello, We are working on supporting ephemeral onion services in Whonixand one of the concerns brought up is how an attacker can potentiallyexhaust resources like RAM. CPU, entropy... on the Gateway (or system inthe case of TAILS) by requesting an arbitrary number of services andports to be created.

In our opinion, options in core Tor for setting a maximum number ofservices and ports per service seems the right way to go about it. Alsorate limiting the requests (like you do with NEWNYM) would be a sensiblething to do.


What are your opinions about this?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Constraining Ephemeral Service Creation in Tor
  - From: teor

Prev by Author: Re: [tor-dev] Constraining Ephemeral Service Creation in Tor
Next by Author: Re: [tor-dev] Reg:https-everywhere
Previous by thread: Re: [tor-dev] Onioncat and Prop224
Next by thread: Re: [tor-dev] Constraining Ephemeral Service Creation in Tor
Index(es):
- Author
- Thread