Re: [tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service
bob1983 <bob1983@xxxxxxxxxxxxxx> writes:
>>> Is there a way to limit resource usage originated from a single Tor circuit?
>> There is no such functionality right now I'm afraid. People have been
>> wanting some sort of functionality like that for a while:
>> but we haven't had time to develop/design something.
> The first possible solution that quickly came to my mind was to do what i2p has
> been doing for years: assigning a placeholder IP address based on the 32-bit hash of
> the circuit ID. It is not an ideal countermeasure, but it does work for simple
> rate-limiting purposes and is compatible with existing IP-based applications and
> I've just checked the source code.
> and it turned out that this feature from i2p was actually based on this patch
> proposed on the tor-dev mailing list!
> [tor-dev] Patch: Hidden service: use inbound bind-address based on circuit ID
> I don't know if it's still worth trying this approach, or if developing a
> separate API should be the right way to go. Any other insights, anyone?
Thanks for this information bob1983. I opened ticket #24298 to handle
the generic issue of DoS attacks, and also opened #24299 to investigate
the I2P feature you mentioned. Hopefully we can find some time to work
on this, or it might give the community a place to design stuff.
I'm also wondering how the I2P community is using that feature. I have
asked some I2P friends and am waiting for answers.