#24902: Denial of Service mitigation subsystem
-----------------------------+------------------------------------
 Reporter:  dgoulet          |          Owner:  dgoulet
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  ddos, tor-relay  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------------

Comment (by dgoulet):

 Replying to [comment:3 teor]:
 > As I suggested privately, I believe the best defense against tor traffic
 via an exit is to count unauthenticated (client, bridge, onion service)
 and authenticated (public relay) connections separately.

 Yes indeed, that part is missing. I'm not entirely sure why we should
 track independently connections here, this DoS mitigation only tracks
 client connections.

 So basically, I think we could do this for this extra "Exit detection"
 protection which would be to check if it is a known digest and maybe also
 check if we do have a matching non client channel for the address. What do
 you think?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to