[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Detecting Network Attack [re: exit synflooded]

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
From: teor <teor2345@xxxxxxxxx>
Date: Sun, 26 Nov 2017 09:15:36 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 25 Nov 2017 17:15:59 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=3MsZMZesjvdhz/DdODN2vzolAacZqGMCBHbRxsUwIgE=; b=vG/sTo0+6h8WV5hEwuY8bo1LkKGbHpI3UMwCIdW7HiApNnHzIh0dboaxwx/kcmd4Xc QKxuhlVcUVcOnClHwPSeQTlHmnP7GN7IZhxLlKio/ZpCBiBrRRpDoOHl6/CwS05vUKMk XOl+NawcRTCSLMW4/KhnmN1mev24W/I6urCgj/hHylXKSzh/EfxnDijmZrlf6U1QtDx2 TnibR6tSJCZaOra41xSWTgdFmFlr+NdWAXk/lh8r9bWbMeqsK+03hGToycMslzV7P9vH kCkx5OdzEM0Ae9ggor01WQ2A8OeemXhoUZaLhxP7VedPuZbMklFJy6atNg3DuSf3qpb+ njkw==
In-reply-to: <CAD2Ti2-mYzBokHhL0i9Kt6CYLGrtjCT5VRQAKzLZSjMa88W0AA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5a19cb67.77ad.76b72700.469de63e@t-3.net> <CAD2Ti2-mYzBokHhL0i9Kt6CYLGrtjCT5VRQAKzLZSjMa88W0AA@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 26 Nov 2017, at 07:14, grarpamp <grarpamp@xxxxxxxxx> wrote:
> 
> The subject of this new thread is detecting network
> attack upon tor network / relays itself.

Nick Mathewson has mentioned wanting to do this for Tor protocol
violations. But we need a privacy-preserving aggregation scheme in
Tor so we can do these counts safely.

(Otherwise, anyone who can remotely trigger a rare protocol
violation can find out which relays a client or onion service is using.)

When we create this list, we will also think about what other kinds
of attacks on the network we can reliably detect and monitor.

We're limited in the number of counters we can create for these
events, and they must track integer counts.

Do you have a "top 5" list of attacks we could detect this way?

T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
  - From: grarpamp

References:
- Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
  - From: tor
- Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
  - From: grarpamp

Prev by Author: Re: [tor-relays] Pretty sure our exit was being synflooded
Next by Author: Re: [tor-relays] my IP got blocked
Previous by thread: Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
Next by thread: Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
Index(es):
- Author
- Thread