Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-07-05 Thread Michael Rogers
On 04/07/2019 12:46, George Kadianakis wrote:
> David Goulet writes:
>> Overall, this rate limit feature does two things:
>>
>> 1. Reduce the overall network load.
>>
>>    Soaking the introduction requests at the intro point helps avoid the
>>    service creating pointless rendezvous circuits

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-07-04 Thread George Kadianakis
David Goulet writes:
> On 30 May (09:49:26), David Goulet wrote:
>> Greetings!
>
> [snip]
>
> Hi everyone,
>
> I'm writing here to update on where we are about the introduction rate
> limiting at the intro point feature.
>
> The branch of #15516 (https://trac.torproject.org/15516) is ready to be

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-07-03 Thread David Goulet
On 30 May (09:49:26), David Goulet wrote:
> Greetings!

[snip]

Hi everyone,

I'm writing here to update on where we are about the introduction rate limiting at the intro point feature.

The branch of #15516 (https://trac.torproject.org/15516) is ready to be merged upstream which implements a

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-06-07 Thread David Goulet
On 06 Jun (20:03:52), George Kadianakis wrote:
> David Goulet writes:
>
> > Greetings!
> >
>
> Hello, I'm here to brainstorm about this suggested feature. I don't have
> a precise plan forward here, so I'm just talking.
>
> > Unfortunately, our circuit-level flow control does not

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-06-06 Thread George Kadianakis
David Goulet writes:
> Greetings!
>

Hello, I'm here to brainstorm about this suggested feature. I don't have a precise plan forward here, so I'm just talking.

> Unfortunately, our circuit-level flow control does not apply to the
> service introduction circuit which means that the intro

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-06-03 Thread George Kadianakis
George Kadianakis writes:
> George Kadianakis writes:
>
>> juanjo writes:
>>
>>> Ok, thanks, I was actually thinking about PoW on the Introduction Point
>>> itself, but it would need to add a round trip, like some sort of
>>> "authentication based PoW" before allowing to send the INTRODUCE1

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread George Kadianakis
George Kadianakis writes:
> juanjo writes:
>
>> Ok, thanks, I was actually thinking about PoW on the Introduction Point
>> itself, but it would need to add a round trip, like some sort of
>> "authentication based PoW" before allowing to send the INTRODUCE1 cell.
>> At least it would make the

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread George Kadianakis
juanjo writes:
> Ok, thanks, I was actually thinking about PoW on the Introduction Point
> itself, but it would need to add a round trip, like some sort of
> "authentication based PoW" before allowing to send the INTRODUCE1 cell.
> At least it would make the overhead of clients higher than

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread juanjo
Ok, thanks, I was actually thinking about PoW on the Introduction Point itself, but it would need to add a round trip, like some sort of "authentication based PoW" before allowing to send the INTRODUCE1 cell. At least it would make the overhead of clients higher than I.P. as the clients would

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread Roger Dingledine
On Thu, May 30, 2019 at 09:03:40PM +0200, juanjo wrote:
> And just came to my mind reading this, that to stop these attacks we could
> implement some authentication based on Proof of Work or something like that.
> This means that to launch such an attack the attacker (client level) should

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread Roger Dingledine
On Fri, May 31, 2019 at 08:15:16PM +0200, juanjo wrote:
> As far as I understand INTRODUCE2 cells are sent by Introduction Points
> directly to the Hidden Service. But this only happens after a Client sends
> the INTRODUCE1 cell to the Introduction Point.
>
> Now the question is, do we allow more

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread juanjo
Hello, can someone answer some questions I have about how these attacks work? As far as I understand INTRODUCE2 cells are sent by Introduction Points directly to the Hidden Service. But this only happens after a Client sends the INTRODUCE1 cell to the Introduction Point. Now the question is,

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-31 Thread David Goulet
On 31 May (00:46:56), teor wrote:
> Hi,
>
> > On 30 May 2019, at 23:49, David Goulet wrote:
> >
> > Over the normal 3 intro points a service has, it means 150 introduction
> > per-second are allowed with a burst of 600 in total. Or in other words, 150
> > clients can reach the service every

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-30 Thread juanjo
Nice to try to stop this DoS vulnerability at network design level. Can we have an estimation of when these antiDoS features will be released? 0.4.1.x or 0.4.2.x? And it just came to my mind reading this, that to stop these attacks we could implement some authentication based on Proof of Work

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-30 Thread teor
Hi,

> On 30 May 2019, at 23:49, David Goulet wrote:
>
> Over the normal 3 intro points a service has, it means 150 introduction
> per-second are allowed with a burst of 600 in total. Or in other words, 150
> clients can reach the service every second up to a burst of 600 at once. This

[tor-dev] Onion Service - Intropoint DoS Defenses

2019-05-30 Thread David Goulet
Greetings! As some of you know, a bunch of onion services were or are still under heavy DDoS on the network. More specifically, they are bombarded with introduction requests (INTRODUCE2 cells) which forces them to rendezvous for each of them by creating a ton of circuits. This basically leads to