
Re: [tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service



bob1983 <bob1983@xxxxxxxxxxxxxx> writes:

> Hi.
>
> I'm the sysadmin of an unnamed computer club, we support online security and
> privacy, so our website is available via a Tor hidden service. Recently, we
> found a surge of CPU and RAM usage as soon as Tor has been started. A closer look
> showed it was the result of a DoS script, likely a broken web crawler, or a bot
> written by some script kiddies, which has been trapped inside an infinite loop
> and made more than 20 requests per second 24 hours a day.
>
> I have defeated the abuser by blacklisting the abused script, which takes a lot
> of system resources to generate a webpage but is never used by normal visitors. The
> system is pretty good now, but I noticed that the Tor process still consumes
> significantly higher memory usage than before because of the persistent abuser.
>
> Is there a way to limit resource usage originated from a single Tor circuit?
>

There is no such functionality right now I'm afraid. People have been
wanting some sort of functionality like that for a while:
        https://www.hackerfactor.com/blog/index.php?/archives/777-Stopping-Tor-Attacks.html
but we haven't had time to develop/design something.

One cheap solution would be to use some sort of CAPTCHA or use onionbalance :S

Some sort of concept like ticket #16059 might be a good start for this,
but we still don't have a precise design: https://trac.torproject.org/projects/tor/ticket/16059

We are all quite overwhelmed with v3 onions bugfixing right now, so
these projects are on a lower priority for now, and any help from the
community would be appreciated ;)

Cheers!