OnionBalance Vs. Multiple Mirrors?

I remember reading about OnionBalance a while back when it first came out and I was wondering if any of the market admins or anyone with experience running large darknet sites would chime in on why they seem to prefer to have multiple onion addresses vs a single onion address with OnionBalance. Was this attempted and didn't work out? Or where there any security issues with Onion Balance itself?


Comments


[2 Points] _PrinterPam_:

OnionBalance, if spread-out over a number of machines will help alleviate some DDoS attacks, but if the number of zombie machines used in an attack are of significant number...a single address (with multiple machines) could still be easily ground to a halt. Killing/suspending some of the addresses and generating new ones leaves the attack dead in the water until they are re-targeted to the new address(es). This is what Dream did for quite a while when they were under a sustained attack.

The markets (at least the bigger ones) most likely use OnionBalance as a way to ensure their markets are zippy/responsive, but likely have to also consider temporarily suspending some addresses and generating new ones regularly in the face of DDoS attacks (or, just wait-out the storm until the person paying for the attack gets bored or runs out of money).


[1 Points] penthat:

Interesting. I'll be following this discussion.


[1 Points] basjin:

no.


[1 Points] -YOUpeople-:

I think it might depend on how the attack works. If the attack goes after resources, load balancing helps just like it does with any service. But I have read that some of the DDOS attacks brings down the TOR daemon itself. If that's the type of attack, I would think that onion balance might not help since that attack would knock off the main onion anyway. But I don't know how onionbalance works enough to know if that's the case, just a guess though.