[tor-relays] Lawsuit threat over (unlikely?) SYN flood
Jim
jimmymac at copper.net
Thu Feb 24 23:03:16 UTC 2011
Formless Networking wrote:
> Since SYN floods can be spoofed, and since Tor nodes don't really have
> the resource amplification that typically makes them effective, I'm
> assuming it's probably just someone who forgot to take their meds for a
> while and/or who is just making things up to try to chill our tor node
> off line.
I'm certainly no networking expert, but I didn't think a SYN attack
could come from a properly functioning Tor exit anyway -- w/o even
getting into how rapidly the packets are sent.
I thought a SYN attack was sending the first packet for a TCP handshake
and then not responding to the SYN-ACK coming back. My understanding of
Tor is that a user can send information to and receive info from the
target IP address via the Tor exit but that the originator has no
control over the low level details of that network traffic. I.e. the
handshakes (or lack thereof) are controlled by the Tor exit itself.
What am I missing?
Jim
More information about the tor-relays
mailing list