Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2022-03-22T13:12:44Z

https://gitlab.torproject.org/legacy/trac/-/issues/15516
Consider rate-limiting INTRODUCE2 cells when under load
2022-03-22T13:12:44Z
John Brooks

In #15463, we're seeing an effective denial of service against a HS with a flood of introductions. The service falls apart trying to build rendezvous circuits, resulting in 100% CPU usage, many failed circuits, and impact on the guard.
We should consider dropping INTRODUCE2 cells when the HS is under too much load to build rendezvous circuits successfully. It's much better if the HS response in this situation is predictable, instead of hammering at the guard until something falls down.
One option is to add a HSMaxConnectionRate(?) option defining the number of INTRODUCE2 we would accept per 10(?) minutes, maybe with some bursting behavior. It's unclear what a useful default value would be.
We could try to use a heuristic based on when rend circuits start failing, but it's not obvious to me how that would work.
Tor: unspecified
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/29607
2019 Q1: Denial of service on v2 and v3 onion service
2022-03-22T13:12:44Z
Trac

Dear tor team,
We have set up a discussion board, on the tor network.
And there is someone that is exploiting within our servers, by taking it down every time and the forums will respond with "Server not found".
We are pretty sure this problem is on the side of the TOR browser, is there anything we could do to sort this?
With many thanks for taking time into reading this.
**Trac**:
**Username**: pidgin
Tor: 0.4.3.x-final

https://gitlab.torproject.org/legacy/trac/-/issues/30924
hs-v3: Implement proposal 305 - ESTABLISH_INTRO Cell DoS Defense Extension
2020-06-13T15:48:38Z
David Goulet dgoulet@torproject.org

Ticket for implementing prop305 (see #30790).
Tor: 0.4.2.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/31682
CID 1453653: Integer handling (NEGATIVE_RETURNS) in build_establish_intro_dos_extension()
2020-06-13T15:46:35Z
teor

trn_cell_extension_dos_encoded_len() returns ssize_t, but trn_cell_extension_field_setlen_field() takes size_t.
This looks like a bug on #30924, copying sponsor fields across.
```
/src/feature/hs/hs_cell.c: 532 in build_establish_intro_dos_extension()
528 /* Set the field with the encoded DoS extension. */
529 dos_ext_encoded_len = trn_cell_extension_dos_encoded_len(dos_ext);
530 /* Set length field and the field array size length. */
531 trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len);
CID 1453653: Integer handling issues (NEGATIVE_RETURNS)
"dos_ext_encoded_len" is passed to a parameter that cannot be negative.
532 trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len);
533 /* Encode the DoS extension into the cell extension field. */
534 field_array = trn_cell_extension_field_getarray_field(field);
```
Tor: 0.4.2.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/24962
Single hop onion service denial of service issues
2020-06-13T15:45:38Z
David Goulet dgoulet@torproject.org

This is a parent ticket for all single hop anti-DoS mitigation we want to put in Tor. Not only that but it should be seen as "any client single hop" hidden service requests rather than tor2web specific.
Child tickets are really the meat of the work so anything related to this topic should have a child ticket and this parent ticket should not be used for discussions.
Tor: 0.4.2.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/31754
Add HS DoS defence stats to heartbeat
2020-06-13T15:45:38Z
George Kadianakis

We should add entries to our heartbeat about the new DoS defences we added to see how helpful and prevalent they are.
In particular:
- We should mention how many single-hop connections we blocked (#24962)
- How many times we applied rate-limiting as an introduction point (#15516).
(Marking this as easy since the heartbeat module is not too hard to figure out)
Tor: 0.4.3.x-final

https://gitlab.torproject.org/legacy/trac/-/issues/31371
hs: Add DoS defense counter to DoS heartbeat message
2020-06-13T15:44:09Z
David Goulet dgoulet@torproject.org

Now that #15516 is merged, we'll soon enable those defenses and it would be nice to have the counter of how many introductions were rejected due to DoS defenses.
Tor: 0.4.3.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/30790
hs-v3: Write a proposal for an ESTABLISH_INTRO cell extension containing DoS defense parameters
2020-06-13T15:42:15Z
David Goulet dgoulet@torproject.org

This ticket is for writing the proposal that will allow an onion service to put DoS defense parameters (at the intro point, like #15516) in the `ESTABLISH_INTRO` cell so the intro point can use those.
It is more than possible that we probably want more than just DoS parameters in that cell.
This is related to #15516 as the parameters, initially, come from that ticket work.
Tor: 0.4.2.x-final
David Goulet dgoulet@torproject.org