Re: [tor-talk] DDoS attack prevention at entry nodes?

> Would it be possible to add prevention of such attacks on all entry nodes in the code?

1) Client sessions to HS usually traverse one circuit
2) That circuit is encrypted from eavesdropping.
So no, not really possible to manage that.

The client could do it, but people would disable that code.
The most an entry can really do is limit bandwidth or circuit count.
Bandwidth is cheaper on Tor right now, whereas transactions are more expensive.
Because of this transaction cost, 'DDoS'ing a beefy HS is pretty
hard to do without help. There are some big hidden services out there that
don't seem to have much trouble being well used by user traffic.
If you're experiencing an issue with your HS, try some standard
1) Use accounts and limits
2) Set connection limits
3) Save or buy bandwidth
4) Distribute load / CPU