Silk Road forums

Discussion => Newbie discussion => Topic started by: whywhywhy on April 30, 2013, 05:52 pm

Title: Ideas on mitigating the DoS
Post by: whywhywhy on April 30, 2013, 05:52 pm
hi there,

i run a few popular hidden services and a friend of mine told me that I could be useful here in these dark times.
I just registered and I can only post in this forum, so I made a thread here. Sorry for the duplicates.

In http://dkn255hz262ypmii.onion/index.php?topic=153182.0 kmfkewm suggested that the DoS is happening on the introduction points, which is likely since this is a known way of bringing down hidden services.

if this is the case, there're a couple of ways of making the attacker's life harder:

a) As astor suggested, increase the number of introduction points by tweaking the NUM_INTRO_POINTS_MAX variable in /src/or/rendservice.c. This will increase the number of boxes that the attacker has to DoS.

b) You can also play around with INTRO_POINT_LIFETIME_MAX_SECONDS and INTRO_POINT_LIFETIME_INTRODUCTIONS to make Silk Road cycle through Introduction Points faster. if the attacker is a skiddie, then maybe he hasn't taken into account that introduction points ever change. in any case, this will make the attacker's life harder since he will have to keep track of the changing intro points.

c) You can edit rend_services_introduce() to make it use some hardcoded introduction points of your own choosing. if you select some powerful Tor relays or if you setup some anti-DoS tor relays, the attacker might have a hard time bringing them down.

all these changes seem easy to make, and they will make the situation much better. Note that some of those actions might increase the load of the Tor network, so you have to be careful. you really really really really don't want to DoS the whole Tor network.

if you think this is worth doing, we can explore this attack a bit more. for example, we can fetch the list of intro points of SR and see what kind of load they currently have, to validate whether the intro points are actually getting DoSed.

if an admin of this site finds this worthwile, i might write some code patches for the above ideas.

i hope someone reads this thread.

(Finally and least importantly, I'm a new user in SR and i'd like to try some of the merchandise when the site comes back up. if you people could donate me some bitcoins it would be awesome!)
Title: Re: Ideas on mitigating the DoS
Post by: MadScyentist on April 30, 2013, 07:52 pm
You should directly PM Scout or DPR himself with this information.

It may be useful.

Thanks for the insight!