mailing list archives
Re: Tactics for surviving heavy DDoS attack?
From: Lee Fisher <blibbet () gmail com>
Date: Mon, 21 Apr 2008 13:16:46 -0700
I missed some messages in this thread, but I don't think Tor has been
mentioned as an option to help with DDoS.
Excerpting from the Tor Abuse FAQ:
What about distributed denial of service attacks?
Distributed denial of service (DDoS) attacks typically rely on having a
group of thousands of computers all sending floods of traffic to a
victim. Since the goal is to overpower the bandwidth of the victim, they
typically send UDP packets since those don't require handshakes or
coordination. But because Tor only transports correctly formed TCP
streams, not all IP packets, you cannot send UDP packets over Tor. (You
can't do specialized forms of this attack like SYN flooding either.) So
ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow
bandwidth amplification attacks against external sites: you need to send
in a byte for every byte that the Tor network will send to your
destination. So in general, attackers who control enough bandwidth to
launch an effective DDoS attack can do it just fine without Tor.
There are issues. Some infrastructure (authority directories, exit node
routers) have publicly visible IP addresses. Not all apps will work over
Tor (UDP, non-TCP). Tor's benefits cost additional technical/legal
overhead for users and admins. Read the design papers (roadmaps,
challenges) for more on those.