diff options
| author | Mike Perry <mikeperry-git@fscked.org> | 2012-05-03 20:15:34 -0700 |
|---|---|---|
| committer | Mike Perry <mikeperry-git@fscked.org> | 2012-06-14 13:19:56 -0700 |
| commit | 8d59690033b1cc2b462b2b9ed61ddeaebb6f9ab0 (patch) | |
| tree | f7556253569fdf6f9d3ac817deb20743cf5b4f14 /doc | |
| parent | 75706527c16fc62ec7db4e496db76e21c79c664a (diff) | |
| download | tor-8d59690033b1cc2b462b2b9ed61ddeaebb6f9ab0.tar tor-8d59690033b1cc2b462b2b9ed61ddeaebb6f9ab0.tar.gz | |
Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.
If the failure rate exceeds a certain amount, a notice is emitted.
If it exceeds a greater amount, a warn is emitted and the guard is disabled.
These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 468ed6394..65bdcfd7b 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1096,6 +1096,34 @@ The following options are useful only for clients (that is, if "auto" (recommended) then it is on for all clients that do not set FetchUselessDescriptors. (Default: auto) +**PathBiasCircTheshold** __NUM__ + + +**PathBiasNoticeRate** __NUM.__ + + +**PathBiasDisableRate** __NUM__ + + +**PathBiasScaleThreshold** __NUM__ + + +**PathBiasScaleFactor** __NUM__:: + These options override the default behavior of Tor's (**currently + experimental**) path bias detection algorithm. To try to find broken or + misbehaving guard nodes, Tor looks for nodes where more than a certain + fraction of circuits through that node fail after the first hop. The + PathBiasCircThreshold option controls how many circuits we need to build + through a guard before we make these checks. The PathBiasNoticeRate and + PathBiasDisableRate options control what fraction of circuits must + succeed through a guard before we will warn about it or disable it, + respectively. When we have seen more than PathBiasScaleThreshold + circuits through a guard, we divide our observations by + PathBiasScaleFactor, so that new observations don't get swamped by old + ones. + + + + By default, or if a negative value is provided for one of these options, + Tor uses reasonable defaults from the networkstatus consensus document. + If no defaults are available there, these options default to 20, .70, + .50, 200, and 4 respectively. + + SERVER OPTIONS -------------- |