[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service

>> Is there a way to limit resource usage originated from a single Tor circuit?

> There is no such functionality right now I'm afraid. People have been
> wanting some sort of functionality like that for a while:
> https://www.hackerfactor.com/blog/index.php?/archives/777-Stopping-Tor-Attacks.html
> but we haven't had time to develop/design something.

The first possible solution quickly came to my mind, was to do what i2p was
doing for years: assigning a placeholder IP address based on the 32-bit hash of
the circuit ID. It is not an ideal countermeasure, but it does work for simple
rate-limiting purpose and compatible with existing IP-based applications and

I've just checked the source code.


and it turned out that this feature from i2p was actually based on this patch
purposed in tor-dev mailing list!

[tor-dev] Patch: Hidden service: use inbound bind-address based on circuit ID

I don't know if it's still worth to try with this approach, or developing a
separate API should be the right way to go. Any other insights, anyone?

tor-talk mailing list - tor-talk AT lists.torproject.org
To unsubscribe or change other settings go to