Date: Sun, 9 Nov 2014 14:15:37 -0500
From: Mansour Moufid <mansourmoufid@gmail.com>
To: tor-talk@lists.torproject.org
Subject: [tor-talk] advice to hidden service operators

Hi everyone,

I'd like to share some advice to operators of hidden services in order
to mitigate the attack family known as "traffic confirmation" attacks.

(I say mitigate because the early implementations of these attacks
are likely trivial enough to be defended against, for now, but will
get much better quickly.)

First, rate-limit traffic to individual clients at the firewall level
to some human number (e.g. a couple new connections per minute).  This
is a common protection against denial-of-service attacks, but in this
case should be set just high enough to be tolerable to users.

Second, HTTP servers should be configured to log access times and
requests, or time and request size if possible (and nothing else).
These logs should be remote.  This will help you understand an attack
better after the fact.

Finally, some low, constant background traffic will frustrate the
least competent attackers.

Good luck.


Mansour
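
Added example, not part of the original message: one way to review the minimal time-and-size access log recommended above after the fact, by merging minutes whose request count exceeds a "human" rate into burst intervals. The log line format, the sample data and the function names are assumptions made for this illustration; because the log holds nothing but time and size, the threshold applies to the service as a whole.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log, one request per line: "<UTC time> <request bytes>".
SAMPLE_LOG = """\
2014-11-09T19:00:05Z 412
2014-11-09T19:00:40Z 388
2014-11-09T19:02:10Z 401
2014-11-09T19:05:01Z 1500
2014-11-09T19:05:02Z 1500
2014-11-09T19:05:03Z 1500
2014-11-09T19:05:04Z 1500
2014-11-09T19:06:10Z 1500
2014-11-09T19:06:11Z 1500
2014-11-09T19:06:12Z 1500
2014-11-09T19:08:30Z 420
garbage line
"""

def per_minute(lines):
    """Return (request count, total bytes) Counters keyed by minute."""
    counts, sizes = Counter(), Counter()
    for line in lines:
        try:
            stamp, size = line.split()
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
            size = int(size)
        except ValueError:
            continue  # skip blank or malformed lines
        minute = when.replace(second=0)
        counts[minute] += 1
        sizes[minute] += size
    return counts, sizes

def burst_intervals(lines, max_per_minute=2):
    """Merge consecutive over-threshold minutes into burst intervals."""
    counts, sizes = per_minute(lines)
    bursts = []
    for minute in sorted(m for m in counts if counts[m] > max_per_minute):
        if bursts and minute - bursts[-1]["end"] == timedelta(minutes=1):
            bursts[-1]["end"] = minute
            bursts[-1]["requests"] += counts[minute]
            bursts[-1]["bytes"] += sizes[minute]
        else:
            bursts.append({"start": minute, "end": minute,
                           "requests": counts[minute], "bytes": sizes[minute]})
    return bursts

if __name__ == "__main__":
    for b in burst_intervals(SAMPLE_LOG.splitlines()):
        print(b["start"], b["end"], b["requests"], b["bytes"])
```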