On Thu, Nov 28, 2013 at 08:00:37AM -0200, Noilson Caio wrote: > https://www.csis.dk/en/csis/blog/4103/ > > I know that amplification attacks are not problems in the Tor network > (Enter one > bit comes out a bit). DDOS tools originated in the Tor network tend to clog > the output nodes. Correct ?
Yes: https://www.torproject.org/docs/faq-abuse#DDoS That said, not all ddos attacks involve just simple flooding with traffic. Some of the attacks described on your url use very little traffic, e.g. instead relying on clogging up the cpu of the target machine by asking it to provide complex answers. The right answer to those attacks is "then don't design your services that way", but for many currently deployed services that's a long-term dream, not a short-term fix. *That* said, I would expect bots in this situation to use Tor for C&C, and do the distributed attacks directly. It's pretty silly to do a "distributed" attack from 5000 places but then funnel it all into Tor. Or said more clearly, if you have a botnet, use it -- you don't need Tor. --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
