[tor-bugs] #16052 [Tor]: Hidden service socket exhaustion by opening many connections (was: Hidden service DoS by hammering RELAY_BEGIN)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 16 15:16:11 UTC 2015
#16052: Hidden service socket exhaustion by opening many connections
------------------------+------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-hs dos SponsorR SponsorU
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------------------
Changes (by nickm):
* keywords: tor-hs dos => tor-hs dos SponsorR SponsorU
Comment:
Not a very sophisticated attack; this is the kind of port/fd exhaustion
thing that ought to work against any webserver. (RELAY_BEGIN is to Tor
approximately as SYN is to TCP: welcome to the 1990s.)
The only HS-specific wrinkles here are:
* We can't do IP-based filtering.
* We *can* do circuit-aware mitigations.
I like 'a' as an immediate countermeasure, especially with a configurable
limit. I like 'c' as a recommendation. Let me also suggest:
d) do something similar to our OOM prevention code, where when we run
low on sockets, we kill certain circuits and their connections based on
some reasonable metric.
e) think of some way to signal to the application which requests are
arriving on the same circuit as other requests.
f) just to be sure, we should try this on a test network with profiling
enabled to make sure there isn't some O(1) thing going on here in our own
code.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16052#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list