[tor-relays] DoS attacks on multiple relays

teor teor2345 at gmail.com
Sat Dec 9 02:40:43 UTC 2017


On 9 Dec 2017, at 13:24, x9p <tor at x9p.org> wrote:

>> By "private guards" do you mean "bridges"?
>> That would be a very bad idea: it would make the bridge and its onion
>> services stand out within minutes or hours on the network, because
>> each circuit gets a different middle node, and the nodes would not
>> be evenly distributed.
> 
> Sorry, I meant EntryNodes
> 
>> If you block guards on an onion service, it will look different, but that
>> might be unnoticeable for a few months. (More precisely, it's safe in
>> proportion to the guard rotation period, divided by the number of related
>> onion services blocking those guards, divided by the consensus weight
>> fraction of blocked guards. We don't expect that people will do this
>> calculation themselves, which is why we say "don't do that".)
> 
> Would it be a better approach than firewall blocking, setting
> "ExcludeNodes + StrictNodes" with the offending/suspicious fingerprints?

No, this is much worse: it blocks these nodes for guard, middle, intro, and
rend points. That's even more detectable than blocking middle nodes after
a bridge.

If you must block, only block a few guards, and only short-term.

This is a hard area to get right - reducing the threat of node subsets needs
more research.

T
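The "consensus weight fraction of blocked guards" term in the quoted calculation is the one an operator can actually measure before touching ExcludeNodes. The script below is an added example, not code from this thread or from the Tor project: it parses the r/s/w line triples of a network-status consensus, converts the base64 identities to the hex fingerprints that ExcludeNodes takes, and reports what fraction of Guard-flagged consensus bandwidth a proposed exclusion list would remove, then applies teor's proportionality as a relative score. The consensus excerpt and fingerprints are constructed placeholders, the guard fraction is approximated from the w-line Bandwidth values of Guard-flagged relays (ignoring the consensus bandwidth-weight parameters), and the rotation period is an input you supply, so the score is relative rather than a calibrated number of days.

```python
"""Estimate the guard consensus weight a proposed ExcludeNodes list would remove.

Added example (not from the tor-relays thread or the Tor code base). The relay
table below is constructed: the fingerprints are placeholders, not real relays.
"""
import base64
import binascii

# Constructed sample relays: nickname, hex fingerprint, consensus flags, consensus bandwidth.
SAMPLE_RELAYS = [
    ("guardA", "AA" * 20, "Fast Guard Running Stable Valid", 20000),
    ("guardB", "BB" * 20, "Fast Guard Running Stable Valid", 30000),
    ("guardC", "CC" * 20, "Fast Guard Running Stable Valid", 50000),
    ("middleD", "DD" * 20, "Fast Running Stable Valid", 40000),
    ("exitE", "EE" * 20, "Exit Fast Running Stable Valid", 60000),
]


def identity_b64(fp_hex):
    """Consensus 'r' lines carry the identity as unpadded base64 of the 20-byte digest."""
    return base64.b64encode(binascii.unhexlify(fp_hex)).decode().rstrip("=")


def render_consensus(relays):
    """Produce a minimal consensus-style excerpt (r/s/w lines) from the constructed table."""
    lines = []
    for nick, fp, flags, bw in relays:
        # Descriptor digest, date, address and ports are placeholders.
        lines.append(f"r {nick} {identity_b64(fp)} AAAAAAAAAAAAAAAAAAAAAAAAAAA "
                     f"2017-12-09 00:00:00 192.0.2.1 9001 0")
        lines.append(f"s {flags}")
        lines.append(f"w Bandwidth={bw}")
    return "\n".join(lines) + "\n"


def parse_consensus(text):
    """Return {hex_fingerprint: (flags, bandwidth)} from r/s/w line triples."""
    relays = {}
    fp = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 3:
            ident = parts[2]
            padded = ident + "=" * (-len(ident) % 4)       # restore base64 padding
            fp = binascii.hexlify(base64.b64decode(padded)).decode().upper()
            relays[fp] = (set(), 0)
        elif parts[0] == "s" and fp is not None:
            relays[fp] = (set(parts[1:]), relays[fp][1])
        elif parts[0] == "w" and fp is not None:
            for kv in parts[1:]:
                if kv.startswith("Bandwidth="):
                    relays[fp] = (relays[fp][0], int(kv.split("=", 1)[1]))
    return relays


def excluded_guard_weight_fraction(relays, exclude):
    """Fraction of Guard-flagged consensus bandwidth carried by the excluded fingerprints.

    Accepts fingerprints in the ExcludeNodes form ("$HEX") or bare hex, any case.
    """
    wanted = {f.lstrip("$").upper() for f in exclude}
    total = sum(bw for flags, bw in relays.values() if "Guard" in flags)
    blocked = sum(bw for fp, (flags, bw) in relays.items()
                  if "Guard" in flags and fp in wanted)
    return blocked / total if total else 0.0


def relative_safe_period(rotation_days, n_services, weight_fraction):
    """teor's proportionality: rotation period / related services / blocked weight fraction.

    The result is relative, not a calibrated number of days; larger is safer.
    """
    if weight_fraction <= 0:
        return float("inf")
    return rotation_days / n_services / weight_fraction


if __name__ == "__main__":
    relays = parse_consensus(render_consensus(SAMPLE_RELAYS))
    exclude = ["$" + "AA" * 20, "$" + "BB" * 20]       # placeholder fingerprints
    frac = excluded_guard_weight_fraction(relays, exclude)
    print(f"excluded guard weight fraction: {frac:.2f}")
    # rotation_days and n_services are inputs you supply for your deployment.
    print(f"relative safe period (1 service):  {relative_safe_period(60, 1, frac):.1f}")
    print(f"relative safe period (3 services): {relative_safe_period(60, 3, frac):.1f}")
```

Run it against a real cached-consensus from the relay's data directory to see how much guard weight an exclusion list actually touches; the point of the exercise is that the score shrinks with every extra fingerprint and every extra onion service sharing the same list, which is why the thread's advice is to block few guards and only briefly.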

