[tor-talk] advice to hidden service operators

Mansour Moufid mansourmoufid at gmail.com
Sun Nov 9 19:15:37 UTC 2014


Hi everyone,

I'd like to share some advice to operators of hidden services in order
to mitigate the attack family known as "traffic confirmation" attacks.

(I say mitigate because the early implementations of these attacks
are likely trivial enough to be defended against, for now, but will
get much better quickly.)

First, rate-limit traffic to individual clients at the firewall level
to some human number (e.g. a couple of new connections per minute).  This
is a common protection against denial-of-service attacks, but in this
case should be set just high enough to be tolerable to users.

Second, HTTP servers should be configured to log access times and
requests, or time and request size if possible (and nothing else).
These logs should be remote.  This will help you understand an attack
better after the fact.

Finally, some low, constant background traffic will frustrate the
least competent attackers.

Good luck.


Mansour
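
An added example, not part of the original message: after-the-fact review of the minimal time-and-size access log recommended above, flagging minutes whose request count stands far above the service's usual level. The log format (`<ISO time> <request bytes>`), the function names and the threshold `k` are assumptions, and the sample lines are constructed.

```python
from collections import Counter
from datetime import datetime
from statistics import median

def constructed_sample():
    """Constructed log: 1-2 requests per minute, one 20-request minute, two bad lines."""
    lines = ["garbage line here", "2014-11-09T19:99:00 abc"]
    for minute in range(10):
        count = 20 if minute == 6 else 1 + minute % 2
        for i in range(count):
            lines.append(f"2014-11-09T19:{minute:02d}:{i * 2:02d} {400 + 10 * i}")
    return lines

def parse(lines):
    """Yield (time, request_bytes) for well-formed lines; skip anything else."""
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S"), int(parts[1])
        except ValueError:
            continue

def per_minute(records):
    """Return (request count, total request bytes) keyed by minute."""
    counts, sizes = Counter(), Counter()
    for when, size in records:
        minute = when.replace(second=0)
        counts[minute] += 1
        sizes[minute] += size
    return counts, sizes

def burst_minutes(counts, k=5.0):
    """Minutes whose count exceeds median + k * MAD of the active minutes.
    k is an assumed tuning value; MAD is floored at 1 so quiet logs still work."""
    values = list(counts.values())
    if not values:
        return []
    mid = median(values)
    mad = median(abs(v - mid) for v in values)
    threshold = mid + k * max(mad, 1)
    return sorted(m for m, c in counts.items() if c > threshold)

if __name__ == "__main__":
    counts, sizes = per_minute(parse(constructed_sample()))
    for minute in burst_minutes(counts):
        print(minute.isoformat(), counts[minute], "requests", sizes[minute], "bytes")
```

Minutes with no requests do not appear in the log, so the baseline is computed over active minutes only.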

