[tor-relays] Combined relay and hidden service, good idea or not?

Dave Warren dw at thedave.ca
Tue Jan 9 18:56:05 UTC 2018

On 2018-01-08 16:08, Roger Dingledine wrote:
> On Mon, Jan 08, 2018 at 03:59:25PM -0700, Dave Warren wrote:
>>   Even if Tor didn't supply any relay
>> statistics, a curious and enterprising individual could "explore" by seeing
>> what happens to a particular onion when one launches a DoS attack against an
>> external IP that one believes might be connected to the .onion service.
> Yep. If you want to go a step further, check out this paper:
> https://www.freehaven.net/anonbib/#remote-traffic-pets12
> where they investigate inducing congestion on a target IP address
> to learn *what web page it's loading*.
> Turns out the attack is only effective in certain situations, but
> the fact that it's worth taking seriously at all is bad news for
> the Internet as a whole.

I forgot about that one! Not a surprise that it's possible in certain 
circumstances, I suppose.

Nonetheless, a hidden service should be relatively immune if the IP 
address isn't known (and isn't trivially determined, such as also 
hosting a relay).

More information about the tor-relays mailing list