Delivery-Date: Fri, 14 Nov 2014 15:56:07 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 37CCA1E0C4A;
	Fri, 14 Nov 2014 15:56:06 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 84BBB31652;
	Fri, 14 Nov 2014 20:55:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 904A63164F
 for <tor-talk@lists.torproject.org>; Fri, 14 Nov 2014 20:55:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id CpkGaoqw6jl4 for <tor-talk@lists.torproject.org>;
 Fri, 14 Nov 2014 20:55:56 +0000 (UTC)
Received: from mail-la0-x235.google.com (mail-la0-x235.google.com
 [IPv6:2a00:1450:4010:c03::235])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 32FD624801
 for <tor-talk@lists.torproject.org>; Fri, 14 Nov 2014 20:55:56 +0000 (UTC)
Received: by mail-la0-f53.google.com with SMTP id mc6so15501751lab.26
 for <tor-talk@lists.torproject.org>; Fri, 14 Nov 2014 12:55:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=ZCB+1WfT2HVAEEjqKm07CYKoANIWLWocxoore0f4ASs=;
 b=dJDE0t31F5ty7ND1S75wB60Y9138QL1AN9I30dS6ON5TWe0nI2KntzsqIJSG9jTDt9
 FU+ZVpXzIWS45Qdisxse3hVIgx8RTmj9NtS+M73e9khnGvYMKlz7UVuWIZSDKP1e6mLZ
 JA1ddpCFy/db8vLZLWt9msxCnWQTzdu9jk3Hb4FrBjevvgopkomZ5Dl7GQaj5FdqeuLu
 NY31muJI1a7QRBVRXq9G+Pb9/MNBHeIDEMK7QsLOgUUmPkBJboWtz6tWga+nMKLxck2e
 jYYq+5835FxLht87iI4rVlo/qqkIc5uBbo+h8UGD3NSS99MSgp56bPYhI6DbUJW5w/Xr
 Vcjw==
MIME-Version: 1.0
X-Received: by 10.112.141.104 with SMTP id rn8mr3950409lbb.87.1415998552865;
 Fri, 14 Nov 2014 12:55:52 -0800 (PST)
Received: by 10.112.156.225 with HTTP; Fri, 14 Nov 2014 12:55:52 -0800 (PST)
In-Reply-To: <CALmxuLZoPcjontaKEsFUeNPa4Vu9yaPPPAe9b8eA_8Xjaz9uMA@mail.gmail.com>
References: <CALmxuLZoPcjontaKEsFUeNPa4Vu9yaPPPAe9b8eA_8Xjaz9uMA@mail.gmail.com>
Date: Fri, 14 Nov 2014 12:55:52 -0800
Message-ID: <CAJVRA1Rggd3YbdOM11z53+cAzuDW2dzfzLwttRb6WXO6mwvQNw@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Defense against DDoS Attacks in Tor
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 11/13/14, IGNACIO GAGO PADRENY <igago@ucm.es> wrote:
> ...
> I am currently studying network security and I am focusing on defense
> against DDoS attacks in Tor. I have read a few papers (replay attack,
> sniper attack, etc.) but most of them are not recent.

i assume you looked over http://freehaven.net/anonbib as well.



> My aim is to develop
> (theoretically or in practice) a defense but I would really appreciate if
> you could tell me current attacks which have no defense or are the most
> successful ones.

DoS are all "successful", by some measure.

ordered by hardness, consider:

 0. application level, like slowloris or computational DoS. [ see
torhs-pyloris-nov9.tgz on #8902 ]

 1. hidden services in general, roles like HSDir or Rendz., high
connection rates, stream isolation impacts. [ see list at
https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous
for enumeration of many known attacks ]

2. protocol issues, circuit extension attacks, shared gateways
manipulation, predecessor attacks, etc.

3. high capacity relay performance issues, tuning, clogging, etc.


messing with the fast relays most difficult. from there, considerably
easier to deny service. a hard problem.  good luck! :)

( most don't even try to fix 0 or 1 at all... )


best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

