[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Why Crimekit Atrax will attract attention

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Why Crimekit Atrax will attract attention
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 28 Nov 2013 05:26:06 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Nov 2013 05:41:12 -0500
In-reply-to: <CACk28AVJ_eCTxm33CZxo0et1y7w2cVjs+asgZO-gznnVEr=dZg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CACk28AVJ_eCTxm33CZxo0et1y7w2cVjs+asgZO-gznnVEr=dZg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Thu, Nov 28, 2013 at 08:00:37AM -0200, Noilson Caio wrote:
> https://www.csis.dk/en/csis/blog/4103/
> 
> I know that amplification attacks are not problems in the Tor network
> (Enter one
> bit comes out a bit). DDOS tools originated in the Tor network tend to clog
> the output nodes. Correct ?

Yes:
https://www.torproject.org/docs/faq-abuse#DDoS

That said, not all ddos attacks involve just simple flooding with
traffic. Some of the attacks described on your url use very little
traffic, e.g. instead relying on clogging up the cpu of the target
machine by asking it to provide complex answers.

The right answer to those attacks is "then don't design your services
that way", but for many currently deployed services that's a long-term
dream, not a short-term fix.

*That* said, I would expect bots in this situation to use Tor for C&C,
and do the distributed attacks directly. It's pretty silly to do a
"distributed" attack from 5000 places but then funnel it all into Tor.

Or said more clearly, if you have a botnet, use it -- you don't need Tor.

--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Why Crimekit Atrax will attract attention
  - From: Noilson Caio

References:
- [tor-talk] Why Crimekit Atrax will attract attention
  - From: Noilson Caio

Prev by Author: Re: [tor-talk] How secure is check.torproject.org?
Next by Author: Re: [tor-talk] Why my relay doesn't get any traffic and doesn't show up in the list torstatus.blutmagie.de ?
Previous by thread: [tor-talk] Why Crimekit Atrax will attract attention
Next by thread: Re: [tor-talk] Why Crimekit Atrax will attract attention
Index(es):
- Author
- Thread