[tor-dev] Onion DoS: Killing rendezvous circuits over the application layer

teor teor at riseup.net
Mon Dec 9 02:12:55 UTC 2019


Hi,

There's also another negative we haven't considered:

> On 3 Dec 2019, at 00:16, George Kadianakis <desnacked at riseup.net> wrote:
> 
> Negatives:
> 
> a) It's a dirty hotfix that blends the networking layers and might be annoying
>   to maintain in the long-term.
> 
> b) It only works for HTTP (and without SSL?).

c) We'll need to make sure that this defence can't be triggered accidentally
   (or maliciously via request or response content), otherwise it turns into
   another way of triggering a DoS.

For example, if we searched for a custom string anywhere in the data stream,
then any page documenting that string would be unavailable.

T
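
Added example, not part of the original message and not tor code: a sketch of point (c), comparing a detector that searches the whole stream for the signal with one that only accepts it as a header field name in the HTTP response head. The header name X-Example-Kill-Circuit, both function names and the three sample responses are constructed for illustration; plaintext HTTP is assumed.

```python
# Hypothetical signal name, constructed for this example (not a real tor header).
MARKER = b"X-Example-Kill-Circuit"

def naive_triggered(stream: bytes) -> bool:
    """Fires if the marker appears anywhere in the relayed bytes."""
    return MARKER in stream

def header_only_triggered(response: bytes) -> bool:
    """Fires only if the marker is a header field name in the response head.
    The body, including request content echoed into it, is never inspected."""
    head, sep, _body = response.partition(b"\r\n\r\n")
    if not sep:
        return False  # head not complete yet: never act on a partial parse
    for line in head.split(b"\r\n")[1:]:  # [1:] skips the status line
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation line, cannot start a new field
        name, colon, _value = line.partition(b":")
        if colon and name.lower() == MARKER.lower():
            return True
    return False

# Constructed sample responses.
SAMPLES = {
    # A page that merely documents the signal in its body.
    "doc_page": (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                 b"To drop a client, send X-Example-Kill-Circuit: 1\r\n"),
    # An error page echoing a client-chosen request path.
    "reflected": (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n\r\n"
                  b"No such page: /X-Example-Kill-Circuit: 1\r\n"),
    # The application deliberately sending the signal.
    "signalled": (b"HTTP/1.1 403 Forbidden\r\nX-Example-Kill-Circuit: 1\r\n"
                  b"Content-Length: 0\r\n\r\n"),
}

def compare(samples=SAMPLES):
    """Return {sample name: (naive result, header-only result)}."""
    return {k: (naive_triggered(v), header_only_triggered(v))
            for k, v in samples.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:10} naive={naive!s:5} header_only={strict}")
```

Header-only matching still depends on the application never copying client input into its response headers, and it says nothing about the request direction.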

