Opened 5 years ago

Last modified 13 months ago

#15998 new enhancement

suggestion: distributed captcha mechanism for hidden service DDOS defense

Reported by: hdqdak8v32aor Owned by:
Priority: Medium Milestone: Tor: very long term
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Had an idea and couldn't find a previous
instance via search. If the idea is
impractical or otherwise deficient feel
free to close this ticket.

Lately many hidden services have come under
sustained DDOS attacks and have struggled
to remain operable.

A possible way to mitigate this problem
might be to enhance Tor to support some
sort of mechanism to push captcha processing
out to either introduction points or
rendezvous points so that DDOSers cannot
overload hidden service systems.

Numerous designs seem possible and I am
not sufficiently steeped in the workings
of Tor to venture a suggestion, but
if the idea is of use I imagine there
will be no shortage of approaches.

However it does occur to me that it
could perhaps be implemented in two stages,
first a "quick-n-dirty" approach that
is limited in scope and then a follow-
on generalized approach that perhaps
allows hidden services to push
configurable captcha generation logic,
perhaps in the form of LUA scripts
or some similar mechanism.

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by teor

Milestone: Tor: very long term

comment:2 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:3 Changed 13 months ago by cypherpunks

captcha is horrible user experience solution. this is no solution. please no.

Note: See TracTickets for help on using tickets.