Opened 2 years ago

Closed 16 months ago

#24299 closed defect (duplicate)

Allow onion services to distinguish clients from each other

Reported by: asn Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, prop224, tor-dos, 034-triage-20180328, 034-removed-20180328
Cc: gk Actual Points:
Parent ID: #24298 Points:
Reviewer: Sponsor:

Description

We should provide onion services with the option to distinguish their anonymous users from each other, and also to handle those clients in a clinical way to do diagnostics, rate-limiting, abusive client blocking, etc.

One proposed way to do so comes from an old tor-dev thread which suggests we assign a virtual IP to each client based on the circuit ID:
https://lists.torproject.org/pipermail/tor-dev/2014-March/006610.html

I2P seems to have implemented a derivative of this idea. I wonder how it works for them:
https://github.com/i2p/i2p.i2p/blob/920b14212fa80a3a0e92d6e919fdae7e39ed22d5/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelServer.java#L739

Child Tickets

Change History (8)

comment:1 Changed 2 years ago by asn

OK got some more info from I2P folks!

Their virtual client IP feature is used to make using fail2ban easier and also for non-http servers. Apparently java-i2p also has its own rate limiting logic:
https://github.com/i2p/i2p.i2p/blob/920b14212fa80a3a0e92d6e919fdae7e39ed22d5/apps/streaming/java/src/net/i2p/client/streaming/impl/ConnectionManager.java#L504-L596
which basically counts the number of connection attempts from a virtual Ip and calculates a rate and then rate limits based on that value.

comment:2 Changed 2 years ago by gk

Cc: gk added

comment:3 Changed 21 months ago by dgoulet

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final

Moving a bunch of tickets from 033 to 034.

comment:4 Changed 19 months ago by nickm

Keywords: 034-triage-20180328 added

comment:5 Changed 19 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:6 Changed 18 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

comment:7 Changed 16 months ago by arma

See also the work being done in #4700, which could be the same work as this ticket wants.

comment:8 Changed 16 months ago by asn

Resolution: duplicate
Status: newclosed

Closing this as a dup of #4700. :(

Note: See TracTickets for help on using tickets.