[tor-dev] Does a design document for the DoS subsystem exist?
George Kadianakis
desnacked at riseup.net
Mon Apr 13 21:50:54 UTC 2020
Lennart Oldenburg <lennart.oldenburg at esat.kuleuven.be> writes:
> Hi all,
>
> We are investigating how Tor protects itself against Denial-of-Service
> (DoS) attacks. So far, it has been difficult to find a comprehensive
> top-level design document for the DoS subsystem (e.g., a torspec or
> proposal) that reflects the decisions that lead to the subsystem in its
> current form.
>
> Specifically, we are looking at the DoS mitigation subsystem code for
> entry guards at src/core/or/dos.{h,c} [1]. We are trying to understand
> the chosen countermeasures and how the default and current consensus
> values came to be, e.g., the decision to limit to 3 circuits per second
> after the initial burst.
>
> 1) Could you kindly point us in the right direction if any such document
> exists?
>
> 2) If it does not exist, would you mind briefly explaining how the DoS
> threshold values (such as DoSCircuitCreationMinConnections,
> DoSCircuitCreationRate, DoSCircuitCreationBurst, and
> DoSConnectionMaxConcurrentCount) were chosen?
>
Hello there,
first of all let me say that the DoS subsystem of Tor is under active
development, so things are subject to change and mutate towards various
directions (e.g. https://lists.torproject.org/pipermail/tor-dev/2020-April/014215.html).
However, since you are asking for resources on the currently existing
DoS subsystem here is some things you can look at:
- Resources on general Tor rate limiting:
https://trac.torproject.org/projects/tor/ticket/24902
https://lists.torproject.org/pipermail/tor-relays/2018-January/014357.html
- The proposal for the HS DoS subsystem:
https://github.com/torproject/torspec/blob/master/proposals/305-establish-intro-dos-defense-extention.txt
- More information on HS DoS subsystem:
https://lists.torproject.org/pipermail/tor-dev/2019-April/013790.html
https://lists.torproject.org/pipermail/tor-dev/2019-May/013837.html
https://lists.torproject.org/pipermail/tor-dev/2019-July/013923.html
Good luck with your research and please let us know if you reach the
point where you can break or fix things! :)
Cheers!
More information about the tor-dev
mailing list