« on: April 29, 2013, 05:23 pm »
Does anyone want to brainstorm ways to mitigate the DOS attack? Of course, without knowing the nature of the attack, we can't offer specific help, but if we compile enough ideas, DPR should know which ones work, or test them until he finds a solution.
I can start with two suggestions.
1. Increase the number of intro points.
You'll have to download the Tor source code and edit /src/or/rendservice.c, which can be viewed here:
https://gitweb.torproject.org/tor.git/blob/ab3d5c049032651a9c9164262f9a8f81de9709d4:/src/or/rendservice.c
Look at this section:
/** Try to maintain this many intro points per service by default. */
#define NUM_INTRO_POINTS_DEFAULT 3
/** Maintain no more than this many intro points per hidden service. */
#define NUM_INTRO_POINTS_MAX 10

/** If we can't build our intro circuits, don't retry for this long. */
#define INTRO_CIRC_RETRY_PERIOD (60*5)
/** Don't try to build more than this many circuits before giving up
 * for a while.*/
#define MAX_INTRO_CIRCS_PER_PERIOD 10
/** How many times will a hidden service operator attempt to connect to
 * a requested rendezvous point before giving up? */
#define MAX_REND_FAILURES 30
/** How many seconds should we spend trying to connect to a requested
 * rendezvous point before giving up? */
#define MAX_REND_TIMEOUT 30

/** How many seconds should we wait for new HS descriptors to reach
 * our clients before we close an expiring intro point? */
#define INTRO_POINT_EXPIRATION_GRACE_PERIOD (5*60)
Increase NUM_INTRO_POINTS_DEFAULT to something like 8, and NUM_INTRO_POINTS_MAX to 20. You may also experiment with changing the other values.
Then take a look at this section:
https://gitweb.torproject.org/tor.git/blob/ab3d5c049032651a9c9164262f9a8f81de9709d4:/src/or/rendservice.c#l1001
That's the formula for changing the number of intro points. You might try increasing the fudge factor from 1.5 to 2, or otherwise adjusting the formula to be more "sensitive" to intro point usage, and increase by a larger factor when they are getting hammered.
Build instructions are in the INSTALL file and here: https://www.torproject.org/docs/tor-doc-unix
2. Increase the number of entry guards.
This is potentially dangerous. It increases the likelihood of certain kinds of attacks and should only be used temporarily to mitigate an attack, if at all. You probably already know how to do this, but add NumEntryGuards to your torrc and set the value to something like 8 or 10.
Does anyone with experience defending web or database servers from attacks want to offer advice?
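
The edit from suggestion 1, scripted as an added example (not part of the original post and not Tor's own tooling): it rewrites the two intro-point limits, refuses a default above the maximum, and fails if a constant is not found exactly once, as could happen in a different Tor version. The function names and the short sample file are assumptions made up for the illustration.

```shell
#!/bin/sh
# write_sample FILE: constructed excerpt holding the defines quoted in the post.
write_sample() {
  cat > "$1" <<'EOF'
/** Try to maintain this many intro points per service by default. */
#define NUM_INTRO_POINTS_DEFAULT 3
/** Maintain no more than this many intro points per hidden service. */
#define NUM_INTRO_POINTS_MAX 10
#define MAX_REND_FAILURES 30
EOF
}

# get_define FILE NAME: print the integer value of "#define NAME <int>".
get_define() {
  sed -n -E "s/^#define[[:space:]]+$2[[:space:]]+([0-9]+)[[:space:]]*\$/\1/p" "$1"
}

# set_define FILE NAME VALUE: rewrite "#define NAME <int>" in FILE.
# Fails unless NAME is defined exactly once, so a renamed or moved
# constant is reported instead of being silently skipped.
set_define() {
  file=$1 name=$2 value=$3
  count=$(grep -c -E "^#define[[:space:]]+$name[[:space:]]+[0-9]+[[:space:]]*\$" "$file" || true)
  [ "$count" -eq 1 ] || { echo "$name: expected 1 definition, found $count" >&2; return 1; }
  sed -E "s/^(#define[[:space:]]+$name[[:space:]]+)[0-9]+[[:space:]]*\$/\1$value/" "$file" \
    > "$file.new" && mv "$file.new" "$file"
}

# raise_intro_points FILE DEFAULT MAX: apply both edits or neither,
# keeping the untouched source as FILE.orig, and show the resulting diff.
raise_intro_points() {
  file=$1 def=$2 max=$3
  [ "$def" -le "$max" ] || { echo "default $def exceeds max $max" >&2; return 1; }
  cp "$file" "$file.orig" || return 1
  set_define "$file" NUM_INTRO_POINTS_DEFAULT "$def" &&
    set_define "$file" NUM_INTRO_POINTS_MAX "$max" || { mv "$file.orig" "$file"; return 1; }
  diff -u "$file.orig" "$file" || true   # exit status 1 only means "files differ"
  return 0
}

# Demo on the constructed excerpt, using the values suggested in the post.
tmp=$(mktemp -d)
write_sample "$tmp/rendservice.c"
raise_intro_points "$tmp/rendservice.c" 8 20
```

Against a real checkout, point raise_intro_points at src/or/rendservice.c and review the printed diff before building.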