[tor-bugs] #8485 [GetTor]: Gettor: TBB too big now for Gmail
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 3 01:20:14 UTC 2013
#8485: Gettor: TBB too big now for Gmail
----------------------+-----------------------------------------------------
Reporter: mo | Owner: mo
Type: defect | Status: assigned
Priority: critical | Milestone:
Component: GetTor | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by mrphs):
Replying to [comment:25 runa]:
> What happens if someone decides to flood us with 500 requests? Will
Google Drive be happy if we suddenly switch between accounts and upload
500 copies of the bundle? What about the host uploading the files?
The attack should hit all the 10 accounts equally, 50 request for each
(~2000MB).
Not sure how Google would feel about that. Theoretically, there shouldn't
be a problem. But let's think of the opposite.
Here are some random thoughts:
- We should check the header for patterns... IP space, protocol, whether
it's from Gmail or not. If matched the pattern, we'll reply them with a
message like this:
"We're receiving too many requests from your IP. Are you a human? please
reply with the answer of this question:" 2+2=?
- Or we can reply with mirror links only. with a note of course to clarify
why they didn't get the unique url. Or a mix of this and previous idea.
- Upgrading storage to 100GB ($10/m) or 1TB ($50/m) and then one account
should be able to handle the whole traffic. But of course, there's no fun
at it.
- Using NginX to handle the attacks? //not quite sure about this one tho.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8485#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list