[tor-bugs] #15463 [Tor]: Tor deals poorly with a very large number of incoming connection requests.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 1 15:31:07 UTC 2015
#15463: Tor deals poorly with a very large number of incoming connection requests.
--------------------------+--------------------------------------
Reporter: alberto | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.5.11
Resolution: | Keywords: tor-hs SponsorR SponsorZ
Actual Points: | Parent ID:
Points: |
--------------------------+--------------------------------------
Comment (by dgoulet):
Replying to [comment:16 arma]:
> Replying to [comment:15 asn]:
> > Can we figure out whether such volume of `INTRODUCE1` cells is
possible without #15515? If the attacker is not using #15515, and the IP
can handle that many circuits, why can't our hidden service also handle
them?
> > [...] on the first logs, the HS had 3 IPs. The first IP sent us 11k
`INTRODUCE2` cells, the second 3.5k `INTRODUCE2` cells, and the last only
200. Similarly, on the last logs the first IP sent 6k `INTRODUCE2` cells,
the second 3k `INTRODUCE2` cells and the last about 50. What I'm trying to
say here friends is that the distribution is not uniform as would be
expected by a normal client, and also the two distributions are quite
similar.
>
> Another explanation (alas) might be that each of the main two intro
points here had different capacity to handle incoming requests, so they
each got saturated at a different level.
I doubt that's the case because there is an ordering where we see a
sequential progression over time, that is 11k from IP1 *and then* 3.5k
from IP2 *and then * the 200 from IP3. There is a small overlap between
each IPs but they are all ordered in time.
If IP capacity was the issue, I think we would have seen more overlap
between IP here and not this clean cut in time on *both* attacks (in the
two different logs).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15463#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list