Opened 2 years ago

Closed 8 months ago

#24298 closed defect (fixed)

Better handling of DoS attacks on onion services

Reported by: asn Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, prop224, tor-dos, 034-triage-20180328, 034-removed-20180328
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: SponsorV

Description

We have received various reports on attackers being able to DoS onion services in various ways. Examples:

a) Layer-7 attacks where the attacker spams HTTP requests: https://www.hackerfactor.com/blog/index.php?/archives/777-Stopping-Tor-Attacks.html
b) DoS through the Tor protocol (intense circuit construction #16052m #15515).

We should come up with designs and plans on how to mitigate those DoS attacks better in the future.

Due to the anonymous unlinkable nature of Tor onion service clients, these designs should be modular enough so that onion service operators can write their own anti-DoS modules to handle specific cases of attacks.

This is a parent ticket to handle the various subtasks.

Child Tickets

TicketStatusOwnerSummaryComponent
#24299closedAllow onion services to distinguish clients from each otherCore Tor/Tor

Change History (6)

comment:1 Changed 2 years ago by asn

Sponsor: SponsorV

comment:2 Changed 23 months ago by dgoulet

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final

Moving a bunch of tickets from 033 to 034.

comment:3 Changed 21 months ago by nickm

Keywords: 034-triage-20180328 added

comment:4 Changed 21 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:5 Changed 20 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

comment:6 Changed 8 months ago by asn

Resolution: fixed
Status: newclosed

Closing this superfluous ticket.

Note: See TracTickets for help on using tickets.