suggestion: distributed captcha mechanism for hidden service DDOS defense
Had an idea and couldn't find a previous instance via search. If the idea is impractical or otherwise deficient feel free to close this ticket.
Lately many hidden services have come under sustained DDOS attacks and have struggled to remain operable.
A possible way to mitigate this problem might be to enhance Tor to support some sort of mechanism to push captcha processing out to either introduction points or rendezvous points so that DDOSers cannot overload hidden service systems.
Numerous designs seem possible and I am not sufficiently steeped in the workings of Tor to venture a suggestion, but if the idea is of use I imagine there will be no shortage of approaches.
However, it does occur to me that it could perhaps be implemented in two stages: first a "quick-n-dirty" approach that is limited in scope, and then a follow-on generalized approach that perhaps allows hidden services to push configurable captcha generation logic, perhaps in the form of Lua scripts or some similar mechanism.
Trac:
Username: hdqdak8v32aor