[tor-bugs] #18142 [- Select a component]: Anti-Automated-Scanning: Support "marking" with iptables TCP connections differently "for each circuits"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 25 07:19:29 UTC 2016
#18142: Anti-Automated-Scanning: Support "marking" with iptables TCP connections
differently "for each circuits"
--------------------------------------+-----------------
     Reporter:  naif                  |          Owner:
         Type:  defect                |         Status:  new
     Priority:  Medium                |      Milestone:
    Component:  - Select a component  |        Version:
     Severity:  Normal                |       Keywords:
Actual Points:                        |      Parent ID:
       Points:                        |        Sponsor:
--------------------------------------+-----------------
This ticket is to support "marking" with iptables TCP connections
differently "for each circuit".

The basic idea is that a Tor Exit operator, in order to reduce automated
scanning, may wish to apply specific rate limiters available from the
iptables stack of his Linux machine.

The usual Tor connection pattern of an automated scan, from a Tor Exit
relay point of view, is that from a single circuit there are a lot of TCP
connections going out to the same host within a relatively short amount of
time.

The usual HTTP(S) connection pattern of a normal browser, from a Tor Exit
relay point of view, is to open a bunch of connections to the same IP and
keep those open with keep-alive.

So, if the Tor software made available to the iptables stack the "individual
marking" of all TCP connections coming out of a specific circuit, it would
be possible for the Tor Exit operator to apply rate limiting finely tuned
in a way not to break normal end-user browsing but to break automated
scanner efficiency.

Obviously, that works against automated scanners that do not apply a
specific technique to bypass this specific prevention technique, which
shall be considered to be most of the automated scanners.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18142>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
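
An added simulation (not part of the ticket, and not Tor or iptables code) of the rate limiting described above: a token bucket on new connections keyed per circuit mark and destination, compared with the destination-only key an operator can use without per-circuit marking. The mark values, rate, burst and traffic are constructed assumptions.

```python
from collections import defaultdict

class NewConnLimiter:
    """Token bucket for NEW outbound connections (integer math: ms, milli-tokens)."""
    def __init__(self, rate_per_sec=1, burst=8, per_circuit=True):
        self.rate, self.cap, self.per_circuit = rate_per_sec, burst * 1000, per_circuit
        self.buckets = {}  # key -> (milli_tokens, last_ts_ms)

    def allow(self, ts_ms, circuit_mark, dst_ip):
        # per_circuit=True needs the (hypothetical) per-circuit mark the ticket asks for;
        # per_circuit=False is what an operator can key on without it: destination only.
        key = (circuit_mark, dst_ip) if self.per_circuit else dst_ip
        tokens, last = self.buckets.get(key, (self.cap, ts_ms))
        tokens = min(self.cap, tokens + (ts_ms - last) * self.rate)  # refill
        ok = tokens >= 1000
        self.buckets[key] = (tokens - 1000 if ok else tokens, ts_ms)
        return ok

def simulate(events, limiter):
    """events: (ts_ms, circuit_mark, dst_ip) per new connection -> {mark: (accepted, dropped)}."""
    stats = defaultdict(lambda: [0, 0])
    for ts_ms, mark, dst in sorted(events):
        stats[mark][0 if limiter.allow(ts_ms, mark, dst) else 1] += 1
    return {mark: tuple(counts) for mark, counts in stats.items()}

# Constructed sample traffic, both circuits exiting to the same destination.
DST = "198.51.100.10"                                   # documentation address
BROWSER, SCANNER = 0x11, 0x22                           # hypothetical circuit marks
EVENTS = [(i * 50, BROWSER, DST) for i in range(6)]     # 6 connections, then keep-alive reuse
EVENTS += [(i * 20, SCANNER, DST) for i in range(200)]  # 200 connections in 4 seconds

def compare():
    return (simulate(EVENTS, NewConnLimiter(per_circuit=True)),
            simulate(EVENTS, NewConnLimiter(per_circuit=False)))

if __name__ == "__main__":
    for label, result in zip(("per-circuit", "per-destination"), compare()):
        print(label, result)
```

With the per-circuit key the browser-like circuit loses no connections while the scan is held to its burst plus the refill rate; with the destination-only key the scan drains the shared bucket and the browser circuit is dropped too.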