[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attacks on multiple relays

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attacks on multiple relays
From: "x9p" <tor@xxxxxxx>
Date: Sat, 9 Dec 2017 00:24:50 -0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 08 Dec 2017 21:25:22 -0500
Importance: Normal
In-reply-to: <196C2302-FCA3-4EA6-92E5-2E812315014D@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAMsVPocKpkmsoF2ys400GKrh93qxg1Cfka68YCEKS+rGm9TY9Q@mail.gmail.com> <5A25ADB5.20501@quantentunnel.de> <5a25cf0d.ca6f1c0a.a51df.eb81SMTPIN_ADDED_BROKEN@mx.google.com> <CAMsVPodOKdDDDSAV11S=MSAsPcCQXFv=VPVEFzjL+nzZs=bNPA@mail.gmail.com> <5a267bc1.44d11c0a.29398.24d5SMTPIN_ADDED_BROKEN@mx.google.com> <CAMsVPodxZfzp7mdqwksSXwb1u0ibANQSvS3WoZde+edB7auNPw@mail.gmail.com> <201712060813.vB68DIwB028502@sdf.org> <4071D0DD-250F-46F7-9793-80E311E156AA@gmail.com> <201712070856.vB78uedg016800@sdf.org> <CAD2Ti28kbOnMnxkM76re3yrt-wH=oWQmJfcfZSP=JfHXG7jH6Q@mail.gmail.com> <201712080131.vB81VIXO002823@sdf.org> <CAD2Ti296RSzdabR1J8umm22NWdZAme1QKORSUXtavxHvunmmTA@mail.gmail.com> <5a2abf4d.2499df0a.8d666.1d2bSMTPIN_ADDED_BROKEN@mx.google.com> <196C2302-FCA3-4EA6-92E5-2E812315014D@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 8 Dec 2017, at 19:25, "teor" <teor2345@xxxxxxxxx> wrote:

> There's no evidence these guards are malicious. They might just be run
> by an operator who doesn't know to set ContactInfo and MyFamily.
> (And MyFamily is irrelevant for relays in a /16, anyway.)

Agree. There are good indicators, not evidence. Thats why I said to not
block those, but do so if you feel better safe than sorry.

> We are working on vanguards in 0.3.3 to address onion service guard
> discovery issues like this. That way, we change the entire network so
> onion services are safer. Changing just a few makes them stick out.

Nice to hear that! Nothing against the big boys collecting stuff to
correlate later, but if they really want to do so, at least have some hard
work integrating different cloud providers APIs to setup their servers.

> By "private guards" do you mean "bridges"?
> That would be a very bad idea: it would make the bridge and its onion
> services stand out within minutes or hours on the network, because
> each circuit gets a different middle node, and the nodes would not
> be evenly distributed.

Sorry, I meant EntryNodes

> If you block a guards on an onion service, it will look different, but
> that
> might be unnoticeable for a few months. (More precisely, it's safe in
> proportion the guard rotation period, divided by the number of related
> onion services blocking those guards, divided by the consensus weight
> fraction of blocked guards. We don't expect that people will do this
> calculation themselves, which is why we say "don't do that".)

Would it be a better approach than firewall blocking, setting
"ExcludeNodes + StrictNodes" with the offending/suspicious fingerprints?

> But we really don't recommend people block guards or set EntryNodes
> on an onion service. It's quite risky long-term.

Disagree about not setting EntryNodes, but agree EntryNodes shouldn't be
long-term. They should be rotated from time to time, different providers.

>
> T
>

cheers.

x9p



_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] DoS attacks on multiple relays
  - From: null
- Re: [tor-relays] DoS attacks on multiple relays
  - From: Felix
- Re: [tor-relays] DoS attacks on multiple relays
  - From: null
- Re: [tor-relays] DoS attacks on multiple relays
  - From: null
- Re: [tor-relays] DoS attacks on multiple relays
  - From: Scott Bennett
- Re: [tor-relays] DoS attacks on multiple relays
  - From: teor
- Re: [tor-relays] DoS attacks on multiple relays
  - From: Scott Bennett
- Re: [tor-relays] DoS attacks on multiple relays
  - From: grarpamp
- Re: [tor-relays] DoS attacks on multiple relays
  - From: Scott Bennett
- Re: [tor-relays] DoS attacks on multiple relays
  - From: grarpamp
- Re: [tor-relays] DoS attacks on multiple relays
  - From: teor

Prev by Author: Re: [tor-relays] Action relays on 188.214.30.0/24 subnet
Next by Author: Re: [tor-relays] ISP is aking me to send a selfie holding my identity card
Previous by thread: Re: [tor-relays] DoS attacks on multiple relays
Next by thread: Re: [tor-relays] DoS attacks on multiple relays
Index(es):
- Author
- Thread