[tor-relays] Onion Services operators please enable tor PoW defense

gus · June 5, 2024, 12:50pm

Hi,

As some of you might have noticed, we have a high load situation on the
network for a couple of weeks now affecting in particular onion services
(but not only them).[1]

We recommend Onion Services operators to enable our Proof of Work (PoW)
defense[2][3] and finetune their torrc[4].

If you're running onion services with onionbalance, though, PoW is
currently not supported[5], but we're interested in hearing from you if
this is a feature that we should prioritize.

Thanks,
Gus

ps: this advice does not apply to relay operators, only to onion services operators.

[1] Network Performance Issues | Tor Project status
[2] Introducing Proof-of-Work Defense for Onion Services | The Tor Project
[3] Proof Of Work - The Onion Services Ecosystem
[4] Tor Project | Onion service DoS guidelines
[5] Proof Of Work - The Onion Services Ecosystem

···

--
The Tor Project
Community Team Lead

gus · June 5, 2024, 4:45pm

I forgot to mention that Onion Services PoW is not yet fully implemented in Arti.

cheers,
Gus

···

On Wed, Jun 05, 2024 at 09:50:20AM -0300, gus wrote:

Hi,

As some of you might have noticed, we have a high load situation on the
network for a couple of weeks now affecting in particular onion services
(but not only them).[1]

We recommend Onion Services operators to enable our Proof of Work (PoW)
defense[2][3] and finetune their torrc[4].

If you're running onion services with onionbalance, though, PoW is
currently not supported[5], but we're interested in hearing from you if
this is a feature that we should prioritize.

Thanks,
Gus

ps: this advice does not apply to relay operators, only to onion services operators.

[1] Network Performance Issues | Tor Project status
[2] Introducing Proof-of-Work Defense for Onion Services | The Tor Project
[3] Proof Of Work - The Onion Services Ecosystem
[4] Tor Project | Onion service DoS guidelines
[5] Proof Of Work - The Onion Services Ecosystem
--
The Tor Project
Community Team Lead

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

--
The Tor Project
Community Team Lead

lists · June 6, 2024, 1:50am

As a little help, defaults from 0.4.8.11

### IntroDoSDefense & PoWDefenses are disabled by default

On Mittwoch, 5. Juni 2024 14:50:20 CEST gus wrote:

Hi,

As some of you might have noticed, we have a high load situation on the
network for a couple of weeks now affecting in particular onion services
(but not only them).[1]

We recommend Onion Services operators to enable our Proof of Work (PoW)
defense[2][3] and finetune their torrc[4].

#
# https://community.torproject.org/onion-services/ecosystem/technology/pow/
# More details, see: 'man torrc' DENIAL OF SERVICE MITIGATION OPTIONS
# Tor Network values set by the consensus, if any, can be found here:
# Consensus health

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 80 [::1]:80

# HiddenService options are per onion service:
HiddenServiceEnableIntroDoSDefense 1
#HiddenServiceEnableIntroDoSBurstPerSec 200 # (Default: 200)
#HiddenServiceEnableIntroDoSRatePerSec 25 # (Default: 25)

HiddenServicePoWDefensesEnabled 1
#HiddenServicePoWQueueRate 250 # (Default: 250)
#HiddenServicePoWQueueBurst 2500 # (Default: 2500)
#CompiledProofOfWorkHash auto # (Default: auto)

HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 22 [::1]:22
HiddenServiceEnableIntroDoSDefense 1
...

For larger websites and forums like Dread:
https://blog.nihilism.network/servers/endgame/index.html

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!