On Fri, Jul 14, 2023 at 01:32:55AM +0000, Mike Perry wrote:
> Most of the probing attacks against relays that we saw probed for resource
> exhaustion conditions, which we will address via those conditions
> themselves. We did get a report of at least one instance of the typical UDP
> reflection flood against a Tor relay, though. It was quite large, but we
> only heard this report from one relay operator (and there are several
> thousand relay operators).

Thanks for clarifying, Mike. This is the more-generic class of attack against which the DOTS standard would be most useful---which means it probably won't be, for Tor relays, even apart from your caveat below.

> It is unlikely for us to get directly involved in IP address blacklist or IP
> address reputation games. Tor user experience is significantly degraded by
> these systems. While we are trying to pitch funding proposals to improve Tor
> exit IP address reputation, subjecting our user IP addresses to these
> systems seems anathema and unlikely.

Understood. Were this method to be effective, would you extend this objection even to coordinated *short-term* (requested/cancellable) mitigation, in contrast to a cumulative, long-lived reputation scheme?

> In general, we vastly prefer cryptographic rate limiting approaches, or
> deterrents like our pow system[1], over blacklist-based approaches.
>
> Now, if there were ideas being kicked around to cryptographically blind this
> data such that IP addresses were not revealed to anyone until they appear in
> multiple DoS event logs, that might be of interest.

Interesting! I will look into this approach as a possible extension of the DOTS standard. Thanks for the suggestion.

---
cfm.
_______________________________________________
tor-project mailing list
tor-project@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
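The blinding idea Mike raises in the quoted message (an attacker address stays hidden from whoever collects the DoS logs until it shows up in several independent relays' logs) can be sketched with deterministic Shamir sharing over a prime field. The code below is an added illustration written for this page; it is not code from DOTS, from Tor, or from either correspondent, and the same idea underlies published threshold-reporting schemes such as STAR. Everything specific in it is constructed for the demo: the shared salt, the threshold K=3, the relay names and the example addresses. Each reporter derives, from the salt and the address alone, a grouping tag, one point on a degree K-1 polynomial whose constant term is a per-address key, and a ciphertext of the address under that key; the aggregator can bucket reports by tag but can only interpolate the key, and so decrypt the address, once K distinct reporters have contributed a point.

```python
"""Threshold-revealed DoS reports (added example, not DOTS or Tor code).

Every reporter knows a shared salt (assumed).  From (salt, ip) a reporter
derives deterministically:
  * a grouping tag, so the aggregator can bucket reports on one address
    without learning the address;
  * a degree-(K-1) polynomial f over GF(P) whose constant term f(0) is the
    per-address key; the reporter sends a single point (x, f(x));
  * the address encrypted under that key.
With K points from K distinct reporters the aggregator recovers f(0) and
decrypts the address.  With fewer, it only sees "same tag as these others".
"""
import hashlib
import hmac
import ipaddress
from collections import defaultdict

P = 2**127 - 1           # Mersenne prime: the sharing field
K = 3                    # distinct reporters needed before an address is revealed
SALT = b"constructed-shared-salt-for-demo"   # assumed known to reporters only


def _prf(label: bytes, *parts: bytes) -> int:
    """Keyed, domain-separated derivation into GF(P)."""
    h = hmac.new(SALT, label, hashlib.sha256)
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big") % P


def _keystream(key: int, n: int) -> bytes:
    # key < P < 2**127, so it always fits in 16 bytes
    return hashlib.sha256(b"ks" + key.to_bytes(16, "big")).digest()[:n]


def make_report(reporter_id: bytes, ip_str: str) -> dict:
    """One relay's blinded report of one offending address."""
    ip = ipaddress.ip_address(ip_str).packed            # 4 or 16 bytes
    coeffs = [_prf(b"coef", ip, bytes([i])) for i in range(K)]
    key = coeffs[0]                                      # f(0): per-address key
    x = _prf(b"x", reporter_id) or 1                     # nonzero evaluation point
    y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    ct = bytes(a ^ b for a, b in zip(ip, _keystream(key, len(ip))))
    return {"tag": _prf(b"tag", ip), "reporter": reporter_id,
            "x": x, "y": y, "ct": ct}


def _interpolate_at_zero(points) -> int:
    """Lagrange interpolation of f(0) from K points on f, over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def reveal(reports) -> dict:
    """Aggregator side: {tag: address} for every tag with >= K distinct reporters."""
    buckets = defaultdict(dict)
    for r in reports:
        buckets[r["tag"]][r["reporter"]] = r    # one share per reporter per tag
    revealed = {}
    for tag, by_reporter in buckets.items():
        if len(by_reporter) < K:
            continue                            # below threshold: stays blinded
        shares = list(by_reporter.values())[:K]
        key = _interpolate_at_zero([(s["x"], s["y"]) for s in shares])
        ct = shares[0]["ct"]
        ip = bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
        revealed[tag] = str(ipaddress.ip_address(ip))
    return revealed


def demo() -> dict:
    # Constructed sample: three relays see 203.0.113.7 (relay-b reports it
    # twice, which must not count as two shares); the other addresses are
    # seen by fewer than K relays and must stay hidden.
    reports = [
        make_report(b"relay-a", "203.0.113.7"),
        make_report(b"relay-b", "203.0.113.7"),
        make_report(b"relay-b", "203.0.113.7"),
        make_report(b"relay-c", "203.0.113.7"),
        make_report(b"relay-a", "198.51.100.9"),
        make_report(b"relay-d", "2001:db8::1"),
        make_report(b"relay-e", "2001:db8::1"),
    ]
    return reveal(reports)


if __name__ == "__main__":
    print(demo())
```

Two caveats a deployment would have to deal with, both visible in the sketch: the tag and key are deterministic functions of the address, so if the salt leaks, the aggregator can enumerate the IPv4 space offline and unblind every bucket (schemes such as STAR put an oblivious PRF server in that role instead of a static salt); and the threshold counts reporter identities, so a reporter able to submit under K names could reveal any address by itself, which means reporters have to be authenticated and deduplicated as the code does with `reporter_id`.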