[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] DDoS attack prevention at entry nodes?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] DDoS attack prevention at entry nodes?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Thu, 3 Jan 2013 01:00:03 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 Jan 2013 01:00:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Qsi6cbRl7le0v85cVecJdM0ZJg0csf7WJElIBL8n920=; b=yzvZk9ZfCj5bbT4n1f5/u3SlXrLzAfx5EJfnnHdy56AunRg6dgNzDj5b6UEYHmTQT/ 4fGrQhur8kYExMLXek/UQZt1Y4ZTymWjJ1FS/k5ZrLGgXqYeuM7wkQrFcUQCK4kN9y++ j+eqZuNe6lL1FoDI7u+s0cFmYnZEokaWOLPSWbvU3E1F5NMLOpSk6dIp5yFY9FnA9lfq ymHZ1x9ZyI4u098OrjTIGtEgKHNctGWSprK5j84mIOiyEvoBTlx/40jWg6Fk5INTOwXx QBZncy2UN6AHBMyHdLwPOnJvzVdhplh3E833K1T8oOcjmboAycQb9OCrkkY5KuCPNnHu I9PQ==
In-reply-to: <N1-4ZwsZH4uoL@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <N1-4ZwsZH4uoL@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

> Would it be possible to add prevention of such attacks on all entry nodes in the code?

1) Client sessions to HS usually traverse one circuit
2) That circuit is encrypted from eavesdropping.
So no, not really possible to manage that.

The client could do it, but people would disable that code.
The most an entry can really do is limit bandwidth or circuit count.
Bandwidth is cheaper on Tor right now, whereas transactions more expensive.
Because of this transaction cost, 'DDoS'ing a beefy HS is pretty
hard to do without help. There are some big hidden services out there that
don't seem to have much trouble being well used by user traffic.
If you're experiencing an issue with your HS, try some standard
remedies:
1) Use accounts and limits
2) Set connection limits
3) Save or buy bandwidth
4) Distribute load / cpu
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] DDoS attack prevention at entry nodes?
  - From: hikki

Prev by Author: [tor-talk] Errors in logfile, tor relay stuck @ 100% CPU
Next by Author: Re: [tor-talk] On the Theory of Remailers
Previous by thread: [tor-talk] DDoS attack prevention at entry nodes?
Next by thread: Re: [tor-talk] Pluggable Transports metrics?
Index(es):
- Author
- Thread