On Tue, Oct 4, 2016 at 4:15 AM, Jeff Burdges burdges@gnunet.org wrote:
> On Mon, 2016-10-03 at 20:28 +0100, John Graham-Cumming wrote:
> > - Benign GET / repeated 1000 times per second. That's a DoS on the server
>
> Is this going to work over Tor anyways? I suppose your concern would be PHP, etc. that falls over much faster than the web server calling it, no?

It turns out that does work over Tor. We see this type of DoS happen across the Tor network. The network has quite a lot of capacity and certainly enough to knock over smaller web sites. A related tool is "Tor's Hammer" which performs DoS using a slightly different method over Tor.

> > - Shellshock. Looks like a benign GET / but nasty payload in User-Agent header
> > - Simple GET but with SQLi in the URI
>
> I suppose you're not worried about targeted attack per se here, as they can always solve the current CAPTCHA, but automated attackers who attempt attacks on many servers, no?

Right. For example, the popular sqlmap tool for finding SQLi vulnerabilities in a web site has a --tor option to run through the Tor network. Running attack tools via Tor is very common.

> Are these serious concerns? I suppose they're more serious than the DoS concerns, so that sounds bad from the token stockpiling perspective.*

Yes, these are serious concerns. If they weren't I would have just dropped CAPTCHA for Tor exit nodes and been done with it. We know from watching attacks come through Tor that to do so would expose people's web sites.

> * If this becomes an issue, there is an approach that might work: Just use multiple signing keys, one system wide key C for all CloudFlare sites, and individual site keys for each site CloudFlare protects. If you solve a CAPTCHA then you withdraw a moderate stack of C tokens. If you visit site X then you spend an X token if you have one, but if you do not then you spend a single C token to withdraw tens of thousands of X tokens. So solving a CAPTCHA is worth hundreds of thousands of page loads, but only across a moderate number of sites. We could have separate Cbig and Csmall keys such that first it withdraws with Csmall, but if the user blows through that quickly then it withdraws with Cbig.

I'll let the crypto-heads explore that.
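A toy model of the two-level token scheme sketched in the footnote above (one system-wide key C, one key per site, a C token buying a batch of site tokens), added here as an illustration and not code from this thread or from CloudFlare. It assumes batch sizes of 30 C tokens per CAPTCHA and 10,000 site tokens per C token, and it stands in an HMAC over a random nonce for the blind signature a real deployment would use, so unlike a blind-signed token it is linkable; the Cbig/Csmall split is not modelled.

```python
import hashlib
import hmac
import os

# Assumed batch sizes: "a moderate stack" of C tokens, "tens of thousands" of X tokens.
C_TOKENS_PER_CAPTCHA = 30
SITE_TOKENS_PER_C = 10_000


class Issuer:
    """Server side: one system-wide key C plus one key per protected site. A MAC over
    a random nonce stands in for the blind signature a real deployment would use."""

    def __init__(self):
        self.keys = {"C": os.urandom(32)}
        self.spent = set()  # (label, nonce) pairs already redeemed

    def _mac(self, key, label, nonce):
        return hmac.new(key, label.encode() + nonce, hashlib.sha256).digest()

    def _mint(self, label, n):
        key = self.keys.setdefault(label, os.urandom(32))
        return [(label, x, self._mac(key, label, x)) for x in (os.urandom(16) for _ in range(n))]

    def redeem(self, token):
        """Accept a token once: valid MAC under the named key and not yet spent."""
        label, nonce, mac = token
        key = self.keys.get(label)
        if key is None or not hmac.compare_digest(mac, self._mac(key, label, nonce)):
            return False
        if (label, nonce) in self.spent:
            return False  # double spend
        self.spent.add((label, nonce))
        return True

    def solve_captcha(self):
        return self._mint("C", C_TOKENS_PER_CAPTCHA)

    def withdraw_site_tokens(self, c_token, site):
        """One C token buys a batch of site-specific X tokens."""
        return self._mint(site, SITE_TOKENS_PER_C) if self.redeem(c_token) else []


def visit(issuer, wallet, site):
    """Client side: spend an X token if held; else spend one C token for a batch of X."""
    if not wallet.get(site):
        if not wallet["C"]:
            return False  # out of both: the user must solve another CAPTCHA
        wallet[site] = issuer.withdraw_site_tokens(wallet["C"].pop(), site)
    return issuer.redeem(wallet[site].pop())
```

With these numbers one solved CAPTCHA covers 300,000 page loads, but spread over at most 30 distinct sites, which is the bound the footnote is after.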