Hi everyone,

I'd like to share some advice to operators of hidden services in order to mitigate the attack family known as "traffic confirmation" attacks.
(I say mitigate because the early implementations of these attacks are likely trivial enough to be defended against, for now, but will get much better quickly.)

First, rate-limit traffic to individual clients at the firewall level to some human number (e.g. a couple new connections per minute). This is a common protection against denial-of-service attacks, but in this case should be set just high enough to be tolerable to users.

Second, HTTP servers should be configured to log access times and requests, or time and request size if possible (and nothing else). These logs should be remote. This will help you understand an attack better after the fact.

Finally, some low, constant background traffic will frustrate the least competent attackers.

Good luck.

Mansour

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
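
Added example, not part of the original message: one way to use the minimal logs described above (time and request size only) for after-the-fact review, by flagging minutes whose request count exceeds the "couple per minute" human rate and showing how uniform the request sizes were. The log line format, function names, threshold default and sample entries are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: "ISO-8601 timestamp, request size in bytes" per line,
# i.e. the only two fields the message recommends keeping.
SAMPLE_LOG = """\
2000-01-01T10:00:12 310
2000-01-01T10:03:40 295
2000-01-01T10:07:01 512
2000-01-01T10:07:03 512
2000-01-01T10:07:05 512
2000-01-01T10:07:07 512
2000-01-01T10:07:30 298
2000-01-01T10:08:00 abc
not-a-log-line
2000-01-01T10:09:15 330
"""

def parse(log_text):
    """Yield (datetime, size) pairs, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), int(parts[1])
        except ValueError:
            continue

def burst_minutes(log_text, max_per_minute=2):
    """Report each minute with more than max_per_minute requests."""
    per_minute = defaultdict(list)
    for ts, size in parse(log_text):
        per_minute[ts.replace(second=0, microsecond=0)].append(size)
    report = []
    for minute in sorted(per_minute):
        sizes = per_minute[minute]
        if len(sizes) <= max_per_minute:
            continue
        # Many identical sizes in one minute suggest scripted traffic (assumption).
        top_size, top_count = Counter(sizes).most_common(1)[0]
        report.append({"minute": minute.isoformat(), "requests": len(sizes),
                       "bytes": sum(sizes), "top_size": top_size,
                       "top_size_count": top_count})
    return report

if __name__ == "__main__":
    for row in burst_minutes(SAMPLE_LOG):
        print(row)
```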