[tor-onions] DDoS, Single Onion Services and IP Addresses
David Goulet
dgoulet at torproject.org
Fri Feb 2 13:09:25 UTC 2018
On 02 Feb (00:23:14), Alec Muffett wrote:
> I am not going to pretend that I fully understand the DDoS mitigations yet,
> but experience at two jobs has taught me that at least three entire
> countries essentially present themselves from behind small numbers of
> heavily NATed addresses, so I hope that the mitigations are NAT-friendly.
>
> ISTR that UAE and Singapore are two such, I forget the third?
I've been running the circuit creation mitigation for weeks now in different
forms which had much more aggressive threshold in the beginning.
At most, my Guard identified 550 ish client address for which I've
investigated a bit. They were all from big hosting corp that is
dedicatedpanel.com, vultr.com LeaseWeb and Hetzner (the OVH clients were gone
at that time).
The majority (82%) was Hetzner.
Thus so far I would say that it is not impacting that much single countries
NATed in some ways or another.
This doesn't mean it won't be *especially* when 70% of the network will be
rolling out those defenses. We really need to keep a sharp eye on this and
adjust accordingly.
Cheers!
David
--
Wbu/qrEyrunjWnT0UyaZiV4x9ISE3TmR5yicMuxsU4E=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20180202/319a7a70/attachment.sig>
More information about the tor-onions
mailing list