[tor-dev] Constraining Ephemeral Service Creation in Tor

28 Sep 2016


      Hello, We are working on supporting ephemeral onion services in Whonix 
and one of the concerns brought up is how an attacker can potentially 
exhaust resources like RAM. CPU, entropy... on the Gateway (or system in 
the case of TAILS) by requesting an arbitrary number of services and 
ports to be created.
In our opinion, options in core Tor for setting a maximum number of 
services and ports per service seems the right way to go about it. Also 
rate limiting the requests (like you do with NEWNYM) would be a sensible 
thing to do.
What are your opinions about this?

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[tor-dev] Constraining Ephemeral Service Creation in Tor