[tor-talk] DDoS attack prevention at entry nodes?
grarpamp
grarpamp at gmail.com
Thu Jan 3 06:00:03 UTC 2013
> Would it be possible to add prevention of such attacks on all entry nodes in the code?
1) Client sessions to HS usually traverse one circuit.
2) That circuit is encrypted from eavesdropping.
So no, not really possible to manage that.
The client could do it, but people would disable that code.
The most an entry can really do is limit bandwidth or circuit count.
Bandwidth is cheaper on Tor right now, whereas transactions are more expensive.
Because of this transaction cost, 'DDoS'ing a beefy HS is pretty
hard to do without help. There are some big hidden services out there that
don't seem to have much trouble being well used by user traffic.
If you're experiencing an issue with your HS, try some standard
remedies:
1) Use accounts and limits
2) Set connection limits
3) Save or buy bandwidth
4) Distribute load / cpu