[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Methods of Withstanding DOS Attacks

On tor-talk there is speculative discussion of the methods of deanonymization used in the recent law-enforcement takedown of some hidden sites.

One theory is that it was done, by a global surveillance network, by watching a relatively small number of suspect machines, and then launching a denial-of-service attack on a particular hidden service. When the hidden service becomes unavailable as a result of the attack, the attacker sees if any machine that he is watching become unavailable at the same time.

My main question is: Is there any way to prevent a hidden service becoming unavailable to a particular visitor at the same time as the service’s main tor connection goes down? In other words, can the service have some form of redundancy of resources that makes the attack invisible to most of its visitors?

Some ideas, some a bit wild:

  1. One Whonix workstation with multiple gateways, with the gateways at different geographical locations, load-sharing the visitor connections to the service (workstation).

  2. Because each visitor to a hidden service is on his own tor circuit, is there a way to segregate each connection in its own “container” so that if one misbehaves such as by launching a DOS attack then the others won’t notice?

To get more feedback, I advise to wipe the Whonix specific part from your question, make it a generic question, then ask on the tor-talk mailing list.

See also:
http://freehaven.net/anonbib/date.html

Hidden services have no way to distinguish their visitors as far I know. Otherwise if there was, visitors would not be anonymous.

You can limit visitors by using hidden service authentication, but that won’t work for publicly reachable hidden services:

One Whonix workstation with multiple gateways, with the gateways at different geographical locations,
By Whonix default, connections between Whonix-Workstation and Whonix-Gateway are not authenticated/encrypted. See also: (encrypted) (authenticated) Connection Between Whonix-Gateway and Whonix-Workstation https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]