Home page logo

basics logo Security Basics mailing list archives

Re: Tactics for surviving heavy DDoS attack?
From: Lee Fisher <blibbet () gmail com>
Date: Mon, 21 Apr 2008 13:16:46 -0700

I missed some messages in this thread, but I don't think Tor has been mentioned as an option to help with DDoS.

Excerpting from the Tor Abuse FAQ:

What about distributed denial of service attacks?

Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination. But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor.

There are issues. Some infrastructure (authority directories, exit node routers) have publicly visible IP addresses. Not all apps will work over Tor (UDP, non-TCP). Tor's benefits cost additional technical/legal overhead for users and admins. Read the design papers (roadmaps, challenges) for more on those.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]