Ship or Document DDoS Resistant torrc Settings

A researcher has posted his experience keeping their onion up during a massive DDoS back in February. he has taken 4 steps to defend. Some of them require source code patches for the Tor daemon and rolling it out to the network - this is obviously out of scope, but a couple of them are simple and more realistic alternatives to defaults that Tor ships with.

1 Like

Hosting a high availability (“99,99%” online), let alone a high traffic one, load balanced (with onionshare) Tor onion service, certainly is non-trivial. Not something Whonix has researched and documented at this time.

I don’t think I’ll research and document this anytime soon. Added a short mention here just now:

Documentation contributions for this would be very welcome. Would be the first step before considering enabling this by default.

Reported on Tor issue tracker yet? If not, this would be useful.

Should also be suggested upstream to change these defaults to get input on potential consequences of that. If upstream changes this, Whonix does not have to.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]