[tor-bugs] #27921 [Core Tor/Tor]: apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 7 05:17:42 UTC 2018


#27921: apparent DOS / impairment-of-service against FallbackDirs using DIR
requests, please evaluate for possible mitigation
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  enhancement   |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dos       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Replying to [ticket:27921 starlight]:
 > The attacker enhanced their botware to request via OR port and the
 > problem is back.  In the previous 24-hour stats window DIR requests
 > increased output load on the relay by 17%.  In the current cycle the
 > increase is 12%.

 This is interesting. Tor clients on 0.2.8 and later only use the ORPort.
 And relays on 0.2.9(?) or later will fall back to the ORPort when the
 DirPort doesn't work.

 Replying to [comment:8 starlight]:
 > modified the daemon to reject /tor/server/d/<hash> requests with a 404;
 > crushed the cockroach
 >
 > /tor/micro/d/<hash> left alone, quite a few .z requests for these
 > presumably from booting relays and clients
 >
 > any objection?  any valid purpose for which this request type is
 > critical?

 Since 0.2.3.25, clients use microdescs by default. Since 0.3.0.6, relays
 use microdescriptors by default for building circuits, but most relays are
 directory caches, so they still download full descriptors.

 So this is either a relay, or a client with UseMicrodescriptors 0 set. (Or
 similar options.)

 I wonder if this is a bug in Tor. If it is, it seems to affect relays (or
 old clients). Are the addresses making these requests in the consensus as
 relays?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27921#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
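
The check asked about in the comment's last paragraph (whether the requesting addresses appear in the consensus as relays), as an added example that is not part of the original message or of Tor's code. It assumes the operator has a consensus document and a list of source addresses from their own logging; all sample data below is constructed.

```python
import ipaddress

# Constructed sample in consensus "r"/"a" line layout. Nicknames, identities and
# digests are dummy values; addresses come from documentation ranges. RelayB uses
# the microdesc-flavor layout, which omits the descriptor digest.
SAMPLE_CONSENSUS = """\
r RelayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2018-11-06 20:11:02 192.0.2.10 9001 9030
a [2001:db8::10]:9001
s Fast Running V2Dir Valid
r RelayB CCCCCCCCCCCCCCCCCCCCCCCCCCC 2018-11-06 19:40:51 198.51.100.7 443 0
s Running Valid
"""

def relay_addresses(consensus_text):
    """Return the set of IPv4/IPv6 addresses listed for relays in a consensus."""
    addrs = set()
    for line in consensus_text.splitlines():
        parts = line.split()
        try:
            if parts[:1] == ["r"] and len(parts) >= 8:
                # Both flavors end the "r" line with: IP ORPort DirPort
                addrs.add(ipaddress.ip_address(parts[-3]))
            elif parts[:1] == ["a"] and len(parts) == 2:
                # "a" lines carry an additional address as host:port
                host = parts[1].rsplit(":", 1)[0].strip("[]")
                addrs.add(ipaddress.ip_address(host))
        except ValueError:
            continue  # malformed address: skip the line rather than abort
    return addrs

def classify_sources(sources, relays):
    """Map each request source address to a verdict string."""
    result = {}
    for src in sources:
        try:
            ip = ipaddress.ip_address(src.strip())
        except ValueError:
            result[src] = "unparseable"
            continue
        # Comparing parsed objects makes differently written IPv6 forms match.
        result[src] = "relay" if ip in relays else "not-in-consensus"
    return result

if __name__ == "__main__":
    relays = relay_addresses(SAMPLE_CONSENSUS)
    # Constructed source addresses, as an operator might pull from their own logs.
    sample = ["192.0.2.10", "2001:DB8:0:0:0:0:0:10", "203.0.113.55"]
    for src, verdict in classify_sources(sample, relays).items():
        print(f"{src:26} {verdict}")
```

A match only shows that the source shares an address with a listed relay, not that the relay process itself sent the request.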