Hello,
We are working on supporting ephemeral onion services in Whonix and one of the concerns brought up is how an attacker can potentially exhaust resources like RAM, CPU, entropy... on the Gateway (or system in the case of TAILS) by requesting an arbitrary number of services and ports to be created.
In our opinion, options in core Tor for setting a maximum number of services and ports per service seem the right way to go about it. Also, rate limiting the requests (like you do with NEWNYM) would be a sensible thing to do.
What are your opinions about this?
On 28 Sep 2016, at 07:59, bancfc@openmailbox.org wrote:
> Hello,
> We are working on supporting ephemeral onion services in Whonix and one of the concerns brought up is how an attacker can potentially exhaust resources like RAM, CPU, entropy... on the Gateway (or system in the case of TAILS) by requesting an arbitrary number of services and ports to be created.
> In our opinion, options in core Tor for setting a maximum number of services and ports per service seem the right way to go about it. Also, rate limiting the requests (like you do with NEWNYM) would be a sensible thing to do.
> What are your opinions about this?
I think this would be much better implemented in a control port filter. There are several existing control port filters. Do they have this feature?
Alternately, you should limit resources to the tor process using OS facilities. If you set an open file limit, this will constrain the number of hidden services. If it doesn't, or tor behaves badly when adding a hidden service with few file descriptors, file a bug against tor.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
On 2016-09-29 08:38, teor wrote:
> On 28 Sep 2016, at 07:59, bancfc@openmailbox.org wrote:
>> Hello,
>> We are working on supporting ephemeral onion services in Whonix and one of the concerns brought up is how an attacker can potentially exhaust resources like RAM, CPU, entropy... on the Gateway (or system in the case of TAILS) by requesting an arbitrary number of services and ports to be created.
>> In our opinion, options in core Tor for setting a maximum number of services and ports per service seem the right way to go about it. Also, rate limiting the requests (like you do with NEWNYM) would be a sensible thing to do.
>> What are your opinions about this?
> I think this would be much better implemented in a control port filter. There are several existing control port filters. Do they have this feature?
None of them do.
> Alternately, you should limit resources to the tor process using OS facilities. If you set an open file limit, this will constrain the number of hidden services. If it doesn't, or tor behaves badly when adding a hidden service with few file descriptors, file a bug against tor.
Thanks for the tip.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
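The limits discussed in this thread (a maximum number of services, a maximum number of ports per service, and rate limiting of requests) could be enforced in a control port filter along the following lines. This is an added example, not code from Tor or from any existing filter; the class name, default limits and reason strings are assumptions, and whitelisting of all other control commands is left to the surrounding filter.

```python
import time

class OnionLimiter:
    """Per-client policy a control-port filter applies to ADD_ONION/DEL_ONION."""

    def __init__(self, max_services=5, max_ports=3, min_interval=10.0):
        self.max_services = max_services   # assumed default, tune per deployment
        self.max_ports = max_ports         # Port= arguments allowed per service
        self.min_interval = min_interval   # seconds between accepted ADD_ONIONs
        self.active = set()                # ServiceIDs Tor has confirmed
        self.last_add = None

    def check(self, line, now=None):
        """Return (allowed, reason) for one command line sent by the client."""
        now = time.monotonic() if now is None else now
        parts = line.strip().split()
        cmd = parts[0].upper() if parts else ""
        if cmd == "DEL_ONION":
            # Only forward deletions of services this client created itself.
            if len(parts) == 2 and parts[1] in self.active:
                self.active.discard(parts[1])
                return True, "ok"
            return False, "unknown service"
        if cmd != "ADD_ONION":
            return True, "not an onion command"
        # Each virtual port is a separate Port=VIRTPORT[,TARGET] argument.
        ports = [p for p in parts[1:] if p.upper().startswith("PORT=")]
        if not ports:
            return False, "no Port= argument"
        if len(ports) > self.max_ports:
            return False, "too many ports"
        if len(self.active) >= self.max_services:
            return False, "too many services"
        if self.last_add is not None and now - self.last_add < self.min_interval:
            return False, "rate limited"
        self.last_add = now
        return True, "ok"

    def record_reply(self, reply_line):
        """Remember the ServiceID from Tor's '250-ServiceID=...' reply line."""
        if reply_line.startswith("250-ServiceID="):
            self.active.add(reply_line.split("=", 1)[1].strip())
```

The filter calls `check()` on each client line before forwarding it and `record_reply()` on each line Tor sends back, so the service count reflects what Tor actually created.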