Onion Services operators please enable tor PoW defense
Hi, As some of you might have noticed, we have a high load situation on the network for a couple of weeks now affecting in particular onion services (but not only them).[1] We recommend Onion Services operators to enable our Proof of Work (PoW) defense[2][3] and finetune their torrc[4]. If you're running onion services with onionbalance, though, PoW is currently not supported[5], but we're interested in hearing from you if this is a feature that we should prioritize. Thanks, Gus ps: this advice does not apply to relay operators, only to onion services operators. [1] https://status.torproject.org/issues/2024-05-14-network-performance-issues/ [2] https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-serv... [3] https://community.torproject.org/onion-services/ecosystem/technology/pow/ [4] https://community.torproject.org/onion-services/advanced/dos/ [5] https://community.torproject.org/onion-services/ecosystem/technology/pow/#is... -- The Tor Project Community Team Lead
I forgot to mention that Onion Services PoW is not yet fully implemented in Arti. cheers, Gus On Wed, Jun 05, 2024 at 09:50:20AM -0300, gus wrote:
Hi,
As some of you might have noticed, we have a high load situation on the network for a couple of weeks now affecting in particular onion services (but not only them).[1]
We recommend Onion Services operators to enable our Proof of Work (PoW) defense[2][3] and finetune their torrc[4].
If you're running onion services with onionbalance, though, PoW is currently not supported[5], but we're interested in hearing from you if this is a feature that we should prioritize.
Thanks, Gus
ps: this advice does not apply to relay operators, only to onion services operators.
[1] https://status.torproject.org/issues/2024-05-14-network-performance-issues/ [2] https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-serv... [3] https://community.torproject.org/onion-services/ecosystem/technology/pow/ [4] https://community.torproject.org/onion-services/advanced/dos/ [5] https://community.torproject.org/onion-services/ecosystem/technology/pow/#is... -- The Tor Project Community Team Lead
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- The Tor Project Community Team Lead
On Mittwoch, 5. Juni 2024 14:50:20 CEST gus wrote:
Hi,
As some of you might have noticed, we have a high load situation on the network for a couple of weeks now affecting in particular onion services (but not only them).[1]
We recommend Onion Services operators to enable our Proof of Work (PoW) defense[2][3] and finetune their torrc[4].
As a little help, defaults from 0.4.8.11 ### IntroDoSDefense & PoWDefenses are disabled by default # # https://community.torproject.org/onion-services/ecosystem/technology/pow/ # More details, see: 'man torrc' DENIAL OF SERVICE MITIGATION OPTIONS # Tor Network values set by the consensus, if any, can be found here: # https://consensus-health.torproject.org/#consensusparams HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 80 [::1]:80 # HiddenService options are per onion service: HiddenServiceEnableIntroDoSDefense 1 #HiddenServiceEnableIntroDoSBurstPerSec 200 # (Default: 200) #HiddenServiceEnableIntroDoSRatePerSec 25 # (Default: 25) HiddenServicePoWDefensesEnabled 1 #HiddenServicePoWQueueRate 250 # (Default: 250) #HiddenServicePoWQueueBurst 2500 # (Default: 2500) #CompiledProofOfWorkHash auto # (Default: auto) HiddenServiceDir /var/lib/tor/other_hidden_service/ HiddenServicePort 22 127.0.0.1:22 HiddenServicePort 22 [::1]:22 HiddenServiceEnableIntroDoSDefense 1 ... For larger websites and forums like Dread: https://blog.nihilism.network/servers/endgame/index.html -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
participants (3)
-
gus -
lists@for-privacy.net -
Toralf Förster