[guardian-dev] Fwd: using UDPGW and tun2socks over Tor
Delyan Kratunov
guardian at delyan.me
Fri Oct 24 04:10:50 EDT 2014
(apologies if this message doesn't thread well, my list subscription was
misconfigured, fixed now).
> Perhaps udpgw instances can be run along side all Tor exit nodes?
Isn't the DDoS potential extremely high if Tor allows UDP? Since there's no
flow control with the end server, a malicious client can establish multiple
circuits, all spamming traffic, turning the exit nodes into a botnet. Tor's
fundamental design can't protect against this, right? It's indistinguishable
from, say, a massive amount of unidirectional SIP traffic. Normally, the TCP flow
control would help, since a remote server dropping packets would cause the
exit nodes to back off. However, UDP is far less gentle.
More information about the Guardian-dev
mailing list