[tor-relays] Detecting Network Attack [re: exit synflooded]

teor teor2345 at gmail.com
Sat Nov 25 22:15:36 UTC 2017


> On 26 Nov 2017, at 07:14, grarpamp <grarpamp at gmail.com> wrote:
> 
> The subject of this new thread is detecting network
> attack upon tor network / relays itself.

Nick Mathewson has mentioned wanting to do this for Tor protocol
violations. But we need a privacy-preserving aggregation scheme in
Tor so we can do these counts safely.

(Otherwise, anyone who can remotely trigger a rare protocol
violation can find out which relays a client or onion service is using.)

When we create this list, we will also think about what other kinds
of attacks on the network we can reliably detect and monitor.

We're limited in the number of counters we can create for these
events, and they must track integer counts.

Do you have a "top 5" list of attacks we could detect this way?

T


More information about the tor-relays mailing list