New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2024 Audit - SEC-01-014 WP3: Lack of DoS Mitigation for Onion Service #7294

Open

zenmonkeykstop opened this issue Oct 29, 2024 · 0 comments

Labels

2024 audit recommendation network hardening

Contributor

zenmonkeykstop commented Oct 29, 2024

7A made multiple recommendations for DoS mitigation against onion services:

set introduction point rate limits
implement proof-of-work defenses
set rendezvous circuit stream limits
implement onionbalance
implement rate limiting via Apache
implement content caching
implement captchas or secure cookie challenges

SecureDrop supports enabling Tor’s Proof-of-Work defenses as of 2.9.0; we will be investigating the other recommendations further.

zenmonkeykstop added 2024 audit recommendation network hardening labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment