wiki:org/meetings/2015SummerDevMeeting/AddressingDenialOfServiceAttacks
EXCLUDING

We're not going to talk about social denial-of-service attacks at this session, even though they're real, because everybody felt more expert at technical attacks.

THINGS ONE CAN DDOS (And worst-case)

| What to attack | Worst-case scenario as result of attack |
|---|---|
| Application-level attacks | Interference de-anonymizes user, or makes user stop using anonymity. |
| Tor Website | People can't get the software, or figure out how to use it. |
| | People get the software from elsewhere, and it's backdoored |
| Development resources | Attack happens during crunch time, delays response to an attack. |
| Tor relays | Sniper-style attack to deanonymize |
| | Interference-attack to deanonymize |
| Tor clients | Interference attack to deanonymize |
| Other Websites, through Tor exits | Exits get blocked |
| Hidden services | Deanonymization |
| Communication and discussion channels (IRC, email, etc) | Can't coordinate response to another attack |
| Directory authorities | Whole network shuts down |
| | Sybil attacks get easier |
| HSDir Ring | HSDir availability drops |

WAYS TO DDOS
  • CPU
  • RAM
  • Disk
  • Bandwidth
  • Human attention
  • Crash things (through bugs or assertion failures)
  • Upload too much information (sybil)
  • Namespace
HOW TO FOCUS?

How can we decide what to put our efforts on?

  • Impact of attack (severity) { do any scale? }
  • difficulty of fix
  • implementation difficulty of attack
  • resource cost of attack
low-hanging fruit

Which attacks are easiest to do? Look at attacker resources and knowledge required.

  • ram:
    • uploads!
    • zip bombs
  • CPU:
    • crypto
    • unoptimized code
  • Disk:
    • logs
    • uploading
    • zip bombs
  • Bandwidth
    • look for amplification attacks?
    • http request?
  • Human attention:
    • bogus bug reports
    • trolls
    • abuse
    • one-more-questionism
    • please attend my conference
    • tell my highschool class about tor!
  • Ways to crash things
    • Assertion failures.
    • Memory violations
    • malformed inputs

low-hanging fruit, what's easy/hard to attack/fix

  • Look for systemic fixes!!!! Fixing individual vectors is useful but can never be as effective as looking for a way to be more resilient to DoS entirely.
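
An added illustration of a categorical fix (not part of the meeting notes, and not Tor's own code): the zip-bomb vector listed above under both RAM and Disk can be closed for every zlib-compressed input at once by inflating against a fixed output budget. The function name and both limits are assumptions chosen for this example.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """The input would expand past the configured output budget."""


def bounded_decompress(data, max_out=1 << 20, max_ratio=100, chunk=64 * 1024):
    """Inflate zlib `data` without ever holding more than the budget.

    The budget is the smaller of an absolute cap (max_out bytes) and a
    ratio cap (max_ratio output bytes per input byte). Both defaults are
    assumptions for this example, not values from any real deployment.
    """
    budget = min(max_out, len(data) * max_ratio)
    inflater = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not inflater.eof:
        # max_length bounds what this single call may allocate. Asking for
        # one byte past the remaining budget makes an overrun detectable.
        piece = inflater.decompress(buf, min(chunk, budget - len(out) + 1))
        out += piece
        if len(out) > budget:
            raise DecompressionLimitExceeded(
                f"output exceeds {budget} bytes for {len(data)} input bytes")
        buf = inflater.unconsumed_tail
        if not piece and not buf and not inflater.eof:
            raise ValueError("truncated zlib stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample inputs: a small repetitive document and 8 MiB of zeros.
    ok = zlib.compress(b"consensus " * 50)
    bomb = zlib.compress(b"\0" * (8 << 20))
    print(len(bounded_decompress(ok)), "bytes from", len(ok))
    try:
        bounded_decompress(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

Because the cap is enforced per call through `max_length`, the process never allocates the full expanded payload before rejecting it.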

SUMMARY

  • The Klingon programmer does not report out. The Klingon programmer returns in triumph with a list of demands
  • demand that our limited time be well spent in defeating DoS attacks
  • impact of attack, skill of attacker, resource of attacker, resources to fix.
  • impact seems similar, but more thinking needed!
  • look for categorical fixes
Last modified on Oct 8, 2015, 1:12:43 PM