Matt Thorne writes:

> Correct me if I am wrong, but DoS attacks would require quite a bit of
> bandwidth, and usually follow some very distinct modus operandi.
> Probably noticeable by the Tor client. Is there a way to build some
> kind of DoS and DDoS protection into the Tor network or maybe even the
> client. If only to keep it from being abused in this fashion?

DoS attacks are only effective if the attacker can impose higher resource costs on the victim than the attacker must pay to mount the attack. For example, an attacker can open many TCP connections to a server but never complete them; the server must keep the half-open connection open for a specified length of time, while the attacker can simply never respond. On a server open to the world, this can seriously degrade or destroy performance.

Similarly, an attacker can cause some operating systems to behave badly by setting incoherent sets of options on a TCP circuit. Since Tor normalizes TCP packets, some types of attacks are not possible via Tor.

The Slashdot and Wikipedia problem is entirely at the content layer, not at the network or transport layers. Tor itself is not concerned with the content layer.

--
http://www.eff.org/about/staff/#chris_palmer
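The half-open connection state described in the message above can be watched from the server side. This is an added example, not part of the original message: it counts `SYN-RECV` sockets per listening service in `ss -tan` output. The sample output, the `backlog` value and the `ratio` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (documentation-range addresses).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       203.0.113.5:40022
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80       198.51.100.8:51515
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:51516
SYN-RECV  0      0      192.0.2.10:80       198.51.100.10:51517
SYN-RECV  0      0      192.0.2.10:443      203.0.113.77:60001
ESTAB     0      0      192.0.2.10:443      203.0.113.6:40100
"""


def half_open_by_service(ss_text):
    """Count SYN-RECV (half-open) sockets per local address:port."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # Columns: State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port
        if len(fields) >= 5 and fields[0] == "SYN-RECV":
            counts[fields[3]] += 1
    return counts


def flag_services(ss_text, backlog, ratio=0.5):
    """Return services whose half-open count reaches ratio * backlog.

    `backlog` is the assumed SYN queue size for the listener; `ratio`
    is a hypothetical alerting threshold chosen for this example.
    """
    limit = backlog * ratio
    counts = half_open_by_service(ss_text)
    return sorted(svc for svc, n in counts.items() if n >= limit)


if __name__ == "__main__":
    for svc, n in half_open_by_service(SAMPLE_SS).items():
        print(f"{svc}: {n} half-open")
    print("flagged:", flag_services(SAMPLE_SS, backlog=8))
```

A sustained high count means the server is holding state for handshakes that never complete, which is the cost asymmetry the message describes.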