[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] advice to hidden service operators

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] advice to hidden service operators
From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
Date: Sun, 9 Nov 2014 14:15:37 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 09 Nov 2014 14:17:52 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:mime-version:content-type :content-transfer-encoding; bh=0hP4U8FJVM7Xicnba53sbZiWLJ6G5GWcTJCC4rsOCMg=; b=pk5X3cZylc1Ri7Vfx/w734OJc6sazsbseZvt+mYr1SeUd77cmQxbZkwndinqxXdmOQ E9/kxFJqaf/lA0dVjOos75XT9QntogqAtxroh5QFGXcDfLarb3NAdDzkjVhEOqR20Sv5 XqwOUnMecDri+V+DLjY0XnhQu2ZwfNn2jkk2PqoSyVRsBFw8jlVQ7m1H5N2G6m8i7Wwx H0u4fomCZD/eHGchEw8e51flx+DpjvafHxuFG/dlYtcA2D2rPBg66n40iPJ4YYhw4EJj l9GChzHai94IVv3x4mM/Fu3b7wvwTZVpKql5zeJf9cw0at22P0oqMYyV65Rw7AUuYzpo 7FPQ==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi everyone,

I'd like to share some advice to operators of hidden services in order
to mitigate the attack family known as "traffic confirmation" attacks.

(I say mitigate because the early implementation of these attacks
are likely trivial enough to be defended against, for now, but will
get much better quickly.)

First, rate-limit traffic to individual clients at the firewall level
to some human number (eg a couple new connections per minute).  This
is a common protection against denial-of-service attacks, but in this
case should be set just high enough to be tolerable to users.

Second, HTTP servers should be configured to log access times and
requests, or time and request size if possible (and nothing else).
These logs should be remote.  This will help you understand an attack
better after the fact.

Finally, some low, constant background traffic will frustrate the
least competent attackers.

Good luck.


Mansour
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Onion/hidden services
Next by Author: [tor-talk] latest generation traffic confirmation attacks
Previous by thread: Re: [tor-talk] Tor Blog: "Thoughts and Concerns about Operation Onymous"
Next by thread: Re: [tor-talk] Someone is crawling TorHS Directories: Honeypot
Index(es):
- Author
- Thread