In-Reply-To: <CAJVRA1Qc_oDPMyiTKKETqqRrWkTK3j8qwi37ELhOk2xVTyvxqg@mail.gmail.com>
References: <CAJVRA1Qc_oDPMyiTKKETqqRrWkTK3j8qwi37ELhOk2xVTyvxqg@mail.gmail.com>
Date: Sun, 9 Nov 2014 02:52:35 -0800
Message-ID: <CAJVRA1SGKkYQ-hk2RiciMAVvG-UR8nX2okmgvb7tD6nyyN9_ZQ@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk <tor-talk@lists.torproject.org>, nachash@observers.net
Subject: Re: [tor-talk] insufficient hidden service performance is potential
 de-anonymizing DoS [was Re: [tor-dev] yes hello, internet supervillain here]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 11/9/14, coderman <coderman@gmail.com> wrote:
> ...
> Andrea's distribution shows this type of behavior, as i would expect it:
> https://people.torproject.org/~andrea/loldoxbin-logs/analysis/length_distribution.txt
> e.g. send small bits to keep connection active and not closed by
> server side client send timeouts, then around 900-1000 chars call it
> good and finalize the request.

your ConstrainedSockets experiments are exactly what i would expect to
see if this technique were used, since reducing socket buffers would
allow you to have more concurrent connections open (and thus thwart a
DoS at lower limits).

note that the next level of breakage might show up at file descriptor
limits in processes like Tor or your Nginx server.  ulimits tuning
also suggested. (i like to use 32-64k as soft limit for all processes
on a server by default, and 0.25mm for front-end proxies running
Nginx/HAProxy or related services.)

last but not least, if you are pushing to extreme levels of
concurrency, be sure to disable CONNTRACK in iptables/xtables.

(or use an OS that has better performance with filtering
infrastructure, per the platform diversity thread active here the last
few days)


best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
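The message above names two places a connection flood breaks a hidden-service host next: the per-process file-descriptor limit (Tor, Nginx) and the kernel conntrack table. The check below is an added example, not coderman's code or anything from Tor; it parses the `Max open files` row of `/proc/<pid>/limits`, counts entries in `/proc/<pid>/fd`, and compares `nf_conntrack_count` against `nf_conntrack_max`, flagging either resource when utilization crosses an assumed 80% threshold. The sample limits text is constructed to match the /proc format.

```python
"""Headroom check for fd limits and conntrack on a busy service host (Linux)."""
import os
import re
from pathlib import Path

# Matches the 'Max open files' row of /proc/<pid>/limits: soft then hard limit.
LIMITS_RE = re.compile(r"^Max open files\s+(\d+|unlimited)\s+(\d+|unlimited)")


def parse_open_files_limit(limits_text):
    """Return (soft, hard) from /proc/<pid>/limits text; None means 'unlimited'."""
    for line in limits_text.splitlines():
        m = LIMITS_RE.match(line)
        if m:
            return tuple(None if v == "unlimited" else int(v) for v in m.groups())
    raise ValueError("no 'Max open files' row in limits text")


def headroom(used, limit, warn_ratio=0.8):
    """Describe utilization of a counted resource; alert at warn_ratio (assumed 80%)."""
    if limit is None:  # unlimited: nothing to exhaust at this layer
        return {"used": used, "limit": None, "ratio": 0.0, "alert": False}
    ratio = used / limit
    return {"used": used, "limit": limit, "ratio": round(ratio, 3),
            "alert": ratio >= warn_ratio}


def check_process(pid, warn_ratio=0.8):
    """Live check of one PID: open fds versus the process's soft limit."""
    proc = Path("/proc") / str(pid)
    soft, _hard = parse_open_files_limit((proc / "limits").read_text())
    used = len(os.listdir(proc / "fd"))
    return headroom(used, soft, warn_ratio)


def check_conntrack(count_text, max_text, warn_ratio=0.8):
    """Compare nf_conntrack_count with nf_conntrack_max, both given as file text."""
    return headroom(int(count_text.strip()), int(max_text.strip()), warn_ratio)


# Constructed sample in the layout /proc/<pid>/limits uses.
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max cpu time              unlimited            unlimited            seconds\n"
    "Max open files            1024                 4096                 files\n"
)

if __name__ == "__main__":
    soft, _ = parse_open_files_limit(SAMPLE_LIMITS)
    print(headroom(900, soft))  # 900 open fds against a 1024 soft limit: alert
    ct = Path("/proc/sys/net/netfilter")
    if (ct / "nf_conntrack_count").exists():
        print(check_conntrack((ct / "nf_conntrack_count").read_text(),
                              (ct / "nf_conntrack_max").read_text()))
```

Run it as root (or with read access to the target PID's /proc entries) and add `check_process(<tor pid>)` and `check_process(<nginx pid>)` to a cron or monitoring probe; an alert here precedes the accept() failures the message describes.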

