bob1983 <bob1...@protonmail.com> writes:

>>> Is there a way to limit resource usage originated from a single Tor circuit?
>
>> There is no such functionality right now I'm afraid. People have been
>> wanting some sort of functionality like that for a while:
>> https://www.hackerfactor.com/blog/index.php?/archives/777-Stopping-Tor-Attacks.html
>> but we haven't had time to develop/design something.
>
> The first possible solution quickly came to my mind, was to do what i2p was
> doing for years: assigning a placeholder IP address based on the 32-bit hash
> of the circuit ID. It is not an ideal countermeasure, but it does work for simple
> rate-limiting purpose and compatible with existing IP-based applications and
> servers.
>
> I've just checked the source code.
>
> https://github.com/i2p/i2p.i2p/blob/920b14212fa80a3a0e92d6e919fdae7e39ed22d5/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelServer.java#L739
>
> and it turned out that this feature from i2p was actually based on this patch
> proposed in tor-dev mailing list!
>
> [tor-dev] Patch: Hidden service: use inbound bind-address based on circuit ID
> https://lists.torproject.org/pipermail/tor-dev/2014-March/006610.html
>
> I don't know if it's still worth to try with this approach, or developing a
> separate API should be the right way to go. Any other insights, anyone?
>

Thanks for this information bob1983.

I opened ticket #24298 to handle the generic issue of DoS attacks, and
also opened #24299 to investigate the I2P feature you mentioned.

Hopefully we can find some time to work on this, or it might give the
community a place to design stuff.

I'm also wondering how the I2P community is using that feature. I have
asked some I2P friends and am waiting for answers.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
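
The placeholder-address idea quoted above, as an added sketch that is not part of the thread and is not Tor or I2P code: each circuit ID is hashed to a stable loopback address, and an ordinary per-IP token bucket then limits each circuit separately. The SHA-256 truncation, the 127.0.0.0/8 range, the bucket parameters and all names here are assumptions made for illustration.

```python
import hashlib
import ipaddress

LOOPBACK_NET = ipaddress.IPv4Network("127.0.0.0/8")  # assumed placeholder range


def placeholder_ip(circuit_id: int) -> str:
    """Map a circuit ID to a stable placeholder address inside 127.0.0.0/8."""
    digest = hashlib.sha256(circuit_id.to_bytes(8, "big")).digest()
    h32 = int.from_bytes(digest[:4], "big")   # 32-bit hash of the circuit ID
    host = h32 & 0x00FFFFFF                   # only 24 bits fit under 127/8
    if host in (0, 1, 0x00FFFFFF):            # skip .0.0.0, real localhost, broadcast
        host = 2
    return str(LOOPBACK_NET.network_address + host)


class PerAddressLimiter:
    """Token bucket keyed by source address, as an IP-based server would keep."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self._state = {}  # ip -> (tokens, time of last request)

    def allow(self, ip: str, now: float) -> bool:
        tokens, last = self._state.get(ip, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        allowed = tokens >= 1.0
        self._state[ip] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def simulate(events, rate=1.0, burst=3):
    """Run (timestamp, circuit_id) events; return (circuit_id, ip, allowed)."""
    limiter = PerAddressLimiter(rate, burst)
    results = []
    for ts, cid in events:
        ip = placeholder_ip(cid)
        results.append((cid, ip, limiter.allow(ip, ts)))
    return results


# Constructed sample input: circuit 1001 floods, circuit 2002 behaves normally.
SAMPLE_EVENTS = [(0.0, 1001)] * 5 + [(0.1, 2002), (0.2, 2002), (4.0, 1001)]

if __name__ == "__main__":
    for cid, ip, ok in simulate(SAMPLE_EVENTS):
        print(f"circuit {cid} -> {ip}: {'allow' if ok else 'drop'}")
```

Because only 24 bits of the hash survive in the loopback range, two circuits can land on the same address and share a bucket, which is one reason the scheme works for simple rate limiting but is not an exact per-circuit identifier.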