#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
 Reporter:  dgoulet          |          Owner:  dgoulet
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  ddos, tor-relay  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------------

Comment (by dgoulet):

 Replying to [comment:3 teor]:
 > As I suggested privately, I believe the best defense against tor traffic
 > via an exit is to count unauthenticated (client, bridge, onion service)
 > and authenticated (public relay) connections separately.

 Yes indeed, that part is missing. I'm not entirely sure why we should
 track connections independently here, this DoS mitigation only tracks
 client connections.

 So basically, I think we could do this for this extra "Exit detection"
 protection which would be to check if it is a known digest and maybe also
 check if we do have a matching non-client channel for the address.

 What do you think?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:5>
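
A small model of the separate accounting discussed in this comment, added here as an example; it is not code from the Tor source or from the ticket's patch. The function names, the table size, the per-address threshold and the digest set are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define DIGEST_LEN 20        /* length of a relay identity digest */
#define MAX_ADDRS 64         /* constructed table size */
#define MAX_CLIENT_CONNS 3   /* constructed per-address client limit */

/* Per-address counters, kept separately for the two connection classes. */
typedef struct {
  char addr[46];             /* textual IPv4/IPv6 address */
  unsigned client_conns;     /* unauthenticated: client, bridge, onion service */
  unsigned relay_conns;      /* authenticated: known public relay */
} addr_stats_t;

static addr_stats_t table[MAX_ADDRS]; /* zero-initialised, never shrinks */
static size_t table_len;

/* Constructed stand-in for the set of relay digests known to this relay. */
static const unsigned char known_digests[][DIGEST_LEN] = {
  { 0xAA, 0x01 }, { 0xBB, 0x02 },
};

static bool digest_is_known(const unsigned char *digest) {
  if (!digest) return false; /* peer did not authenticate */
  for (size_t i = 0; i < sizeof(known_digests) / DIGEST_LEN; i++)
    if (memcmp(known_digests[i], digest, DIGEST_LEN) == 0) return true;
  return false;
}

static addr_stats_t *stats_for(const char *addr, bool create) {
  for (size_t i = 0; i < table_len; i++)
    if (strcmp(table[i].addr, addr) == 0) return &table[i];
  if (!create || table_len == MAX_ADDRS) return NULL;
  addr_stats_t *s = &table[table_len++];
  strncpy(s->addr, addr, sizeof(s->addr) - 1);
  return s;
}

/* Account for a new connection; return false if it should be refused. */
bool dos_model_new_conn(const char *addr, const unsigned char *digest) {
  addr_stats_t *s = stats_for(addr, true);
  if (!s) return false;      /* table full: this model fails closed */
  if (digest_is_known(digest)) { s->relay_conns++; return true; }
  if (s->client_conns >= MAX_CLIENT_CONNS) return false;
  s->client_conns++; return true;
}

/* "Exit detection": does this address also have a non-client channel? */
bool dos_model_addr_has_relay(const char *addr) {
  addr_stats_t *s = stats_for(addr, false);
  return s && s->relay_conns > 0;
}
```

In this model only the client counter is subject to the limit, so a known relay on the same address is never refused because of client connections from that address.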