[tor-project] Tor's history of D/DoS attacks; strategy for mitigation
Cory Francis Myers
cfm at acm.org
Thu Jul 13 20:23:44 UTC 2023
On 2023-07-05 12:50, Mike Perry wrote:
> The most common attack has been either onion service related, or
> against the directory authorities. However, over the past year, we saw
> several attack attempts that appeared to target specific relays. This
> was a new phenomenon, at this scale.
>
> […]
>
> Since the majority of DDoS activity has been onion service related, we
> expect [the proof-of-work] defense to act as a deterrent there, for most
> of the issues we have seen.
>
> […]
>
> We recently obtained funding to fix these kinds of specific attacks
> against Guards, dirauths, and Exits, but many issues will remain
> confidential until we do so. We do not want to advertise which of
> these probing attacks were actually effective vs not, or why.
Thanks very much for this summary, Mike. It sounds like there is a
clear division between (a) attacks targeting onion services, to be
mitigated by the proof-of-work defense; and (b) attacks with a clearnet
source or target, to be mitigated by this new work in progress.

For the latter, could there be value in a mechanism that allows nodes
(especially relays) to coordinate either local or upstream blocking of
traffic from D/DoS sources? This is the potential application I’m
investigating of the IETF DOTS standard. But it may be an approach
you’ve either already selected or ruled out.

--- cfm.
--
Cory Myers
0x0F786C3435E961244B69B9EC07AD35D378D10BA0