[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Putting onion services behind a third-party TCP proxy

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Putting onion services behind a third-party TCP proxy
From: Pop Chunhapanya <pop@xxxxxxxxxxxxxx>
Date: Wed, 14 Aug 2019 12:10:27 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 14 Aug 2019 15:10:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=qQQCSuqfDu4DPyL2yEGDsJO2R9Aa93BalvrbUzwA0So=; b=M2ztjIquCKcCUtGtdZNU2fN3XaQi9fiPJxKnPLZIOmit6SkD41sut8AxztAEUw79Wd i/mZLctavQjjhRBwt5WHoYjGa5lG6F751jqo4dFnJYdZN/UHzEIQAt4QKxBGq276+Vrw StGBkkJ/7zM751H8L7onvKE+mIFcakbnK4bEM=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi all,

When deploying an onion service, I noticed some problem that the ip address of my machine that runs tor daemon is exposed to the Tor network which is vulnerable to the DDoS attack if someone knows my ip address.

So I'm thinking putting the tor daemon behind some third party TCP proxy that will protect me from this kind of DDoS attack.

What do you think if I want to implement a feature that forward all the onion service traffic to the TCP proxy before going to the Tor network?

The protocol that I'm thinking is TCP Proxy Protocol [1]

[1] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: grarpamp
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: teor

Prev by Author: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Next by Author: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Previous by thread: Re: [tor-dev] Optimistic SOCKS Data
Next by thread: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Index(es):
- Author
- Thread