[tor-project] Tor's history of D/DoS attacks; strategy for mitigation
Cory Francis Myers
cfm at acm.org
Wed Jul 19 15:43:27 UTC 2023
On Fri, Jul 14, 2023 at 01:32:55AM +0000, Mike Perry wrote:
> Most the probing attacks against relays that we saw probed for resource
> exhaustion conditions, which we will address via those conditions
> themselves. We did get a report of at least one instance of the typical UDP
> reflection flood against a Tor relay, though. It was quite large, but we
> only heard this report from one relay operator (and there are several
> thousand relay operators).
Thanks for clarifying, Mike. This is the more-generic class of attack
against which the DOTS standard would be most useful---which means it
probably won't be, for Tor relays, even apart from your caveat below.
> It is unlikely for us to get directly involved in IP address blacklist or IP
> address reputation games. Tor user experience is significantly degraded by
> these systems. While we are trying to pitch funding proposals to improve Tor
> exit IP address reputation, subjecting our user IP addresses to these
> systems seems anathema and unlikely.
Understood. Were this method to be effective, would you extend this
objection even to coordinated *short-term* (requested/cancellable)
mitigation, in contrast to a cumulative, long-lived reputation scheme?
> In general, we vastly prefer cryptographic rate limiting approaches, or
> deterrents like our pow system[1], over blacklist-based approaches.
>
> Now, if there were ideas being kicked around to cryptographically blind this
> data such that IP addresses were not revealed to anyone until they appear in
> multiple DoS event logs, that might be of interest.
Interesting! I will look into this approach as a possible extension of
the DOTS standard. Thanks for the suggestion.
--- cfm.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230719/c08537f4/attachment.sig>
More information about the tor-project
mailing list