torproject/community
1
0
Fork 0
mirror of https://github.com/torproject/community.git synced 2024-11-23 09:49:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix: Onion Services: DoS: update references

Browse Source 
Since the last update of the "Onion service DoS guidelines" page,
the Tor specifications repository and website had a major overhaul.

Also, the PoW FAQ page was created.

This commit updates affected references.
This commit is contained in:
Silvio Rhatto 2024-01-10 13:47:04 -03:00 committed by emmapeel
parent 2b7cb0530e
commit 128d8b85d9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/onion-services/advanced/dos/contents.lr
View File

@ -21,7 +21,7 @@ All these approaches can be combined.
However there is no single one-size-fits-all solution for this problem at the moment.
Defending a site under attack requires creativity and a custom-tailored approach.
Here are a few tips:
An overview of implemented defenses at the tor daemon is given in the [Overview](https://spec.torproject.org/dos-spec/overview.html) section from the [Denial-of-service prevention mechanisms in Tor](https://spec.torproject.org/dos-spec/index.html) specification, and here we give some practical tips.
### Rate limiting at the Introduction Points
@ -36,11 +36,11 @@ Since [Proposal 305](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/
* `HiddenServiceEnableIntroDoSRatePerSec`: The allowed client introduction rate per second at the introduction point.
If this option is 0, it is considered infinite and thus if HiddenServiceEnableIntroDoSDefense is set, it then effectively disables the defenses.
For more information on how they work, check the `tor(1)` manpage and the `[EST_INTRO_DOS_EXT]` section of the [Onion Services v3 specification](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/rend-spec-v3.txt).
For more information on how they work, check the `tor(1)` manpage and the [Denial-of-Service defense extension (DOS_PARAMS)](https://spec.torproject.org/rend-spec/introduction-protocol.html#EST_INTRO_DOS_EXT) section of the [Onion Services v3 specification](https://spec.torproject.org/rend-spec/index.html).
### Proof of Work (PoW) before establishing Rendezvous Circuits
With the implementation of [Proposal 327](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/327-pow-over-intro.txt), a Proof of Work (PoW) defense mechanism can be configured for each Onion Service with the following `torrc` options:
A [Proof of Work (PoW)](https://spec.torproject.org/hspow-spec/index.html) defense mechanism is explained in length at the [PoW FAQ](https://gitlab.torproject.org/tpo/onion-services/onion-support/-/wikis/Documentation/PoW-FAQ), and can be configured for each Onion Service with the following `torrc` options:
* `HiddenServicePoWDefensesEnabled`: Enable proof-of-work based service DoS mitigation.
When enabled, tor will include parameters for an optional client puzzle in the encrypted portion of this hidden service's descriptor.