[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] DoS attacks on multiple relays
> On 9 Dec 2017, at 03:35, x9p <tor@xxxxxxx> wrote:
>
> Hidden Service operators, and private guards operators protecting yours
> Hidden Services, if you believe it is better safe than sorry, I strongly
> advise on blocking the above IP addresses in your firewall, while they are
> not pulled out of the network.
There's no evidence these guards are malicious. They might just be run
by an operator who doesn't know to set ContactInfo and MyFamily.
(And MyFamily is irrelevant for relays in a /16, anyway.)
We are working on vanguards in 0.3.3 to address onion service guard
discovery issues like this. That way, we change the entire network so
onion services are safer. Changing just a few makes them stick out.
By "private guards" do you mean "bridges"?
That would be a very bad idea: it would make the bridge and its onion
services stand out within minutes or hours on the network, because
each circuit gets a different middle node, and the nodes would not
be evenly distributed.
If you block a guards on an onion service, it will look different, but that
might be unnoticeable for a few months. (More precisely, it's safe in
proportion the guard rotation period, divided by the number of related
onion services blocking those guards, divided by the consensus weight
fraction of blocked guards. We don't expect that people will do this
calculation themselves, which is why we say "don't do that".)
But we really don't recommend people block guards or set EntryNodes
on an onion service. It's quite risky long-term.
T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays