On 2023-07-05 12:50, Mike Perry wrote:
> The most common attack has been either onion service related, or against the directory authorities. However, over the past year, we saw several attack attempts that appeared to target specific relays. This was a new phenomenon, at this scale.
> […]
> Since the majority of DDoS activity has been onion service related, we expect [the proof-of-work] defense to act as a deterrent there, for most of the issues we have seen.
> […]
> We recently obtained funding to fix these kinds of specific attacks against Guards, dirauths, and Exits, but many issues will remain confidential until we do so. We do not want to advertise which of these probing attacks were actually effective vs not, or why.
Thanks very much for this summary, Mike. It sounds like there is a clear division between (a) attacks targeting onion services, to be mitigated by the proof-of-work defense; and (b) attacks with a clearnet source or target, to be mitigated by this new work in progress.
For the latter, could there be value in a mechanism that allows nodes (especially relays) to coordinate either local or upstream blocking of traffic from D/DoS sources? This is the potential application I’m investigating of the IETF DOTS standard. But it may be an approach you’ve either already selected or ruled out.
--- cfm.