diff options
| author | Micah Elizabeth Scott <beth@torproject.org> | 2023-11-07 18:23:01 -0800 |
|---|---|---|
| committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-11-09 14:16:19 -0800 |
| commit | 42d6e2ea4a8c120dc0614f4e1e4ed5472f67ee67 (patch) | |
| tree | 7a0e5e26c2882c8dd57c233377e934381e0b0c22 /spec/dos-spec/memory-exhaustion.md | |
| parent | 0f3a2d9d8cd9e79a25594f19e8122e202e344b5c (diff) | |
| download | torspec-42d6e2ea4a8c120dc0614f4e1e4ed5472f67ee67.tar.gz torspec-42d6e2ea4a8c120dc0614f4e1e4ed5472f67ee67.zip | |
Denial of service overview and related edits
This also moves some text from memory-exhaustion to overview,
and it removes the tor-spec/resource-exhaustion section as it's
redundant with the description of the same in dos-spec.
Diffstat (limited to 'spec/dos-spec/memory-exhaustion.md')
| -rw-r--r-- | spec/dos-spec/memory-exhaustion.md | 26 |
1 files changed, 4 insertions, 22 deletions
diff --git a/spec/dos-spec/memory-exhaustion.md b/spec/dos-spec/memory-exhaustion.md index d37649f..591d950 100644 --- a/spec/dos-spec/memory-exhaustion.md +++ b/spec/dos-spec/memory-exhaustion.md @@ -1,28 +1,10 @@ -# Denial-of-service prevention mechanisms in Tor +# Memory exhaustion { #oom } -This document is incomplete; it describes some mechanisms that Tor -uses to avoid different kinds of denial-of-service attacks. +Memory exhaustion is a broad issue with many underlying causes. The Tor protocol requires clients, onion services, relays, and authorities to store various kind of information in buffers and caches. But an attacker can use these buffers and queues to exhaust the memory of the a targeted Tor process, and force the operating system to kill that process. -## Handling low-memory conditions { #oom } +With this in mind, any Tor implementation—especially one that runs as a relay or onion service—must take steps to prevent memory-based denial-of-service attacks. -(See also `tor-spec.txt`, section 8.1.) - -The Tor protocol requires clients, onion services, relays, and -authorities to store various kind of information in buffers and -caches. But an attacker can use these buffers and queues to queues -to exhaust the memory of the a targeted Tor process, and force the -operating system to kill that process. - -Worse still, the ability to kill targeted Tor instances can be used -to facilitate traffic analysis. (For example, see -[the "Sniper Attack" paper](https://www.freehaven.net/anonbib/#sniper14) -by Jansen, Tschorsch, Johnson, and Scheuermann. - -With this in mind, any Tor implementation—especially one that -runs as a relay or onion service—must take steps to prevent -memory-based denial-of-service attacks. - -### Detecting low memory { #oom-detection } +## Detecting low memory { #oom-detection } The easiest way to notice you're out of memory would, in theory, be getting an error when you try to allocate more. Unfortunately, some |