[guardian-dev] Fwd: using UDPGW and tun2socks over Tor

Nathan of Guardian nathan at guardianproject.info
Fri Oct 24 08:40:55 EDT 2014



On Fri, Oct 24, 2014, at 04:47 AM, Delyan Kratunov wrote:
> >  Perhaps udpgw instances can be run along side all Tor exit nodes?
> 
> Isn't the DDoS potential extremely high if Tor allows UDP? Since there's
> no 
> flow control with the end server, a malicious client can establish
> multiple 
> circuits, all spamming traffic, turning the exit nodes into a botnet.
> Tor's 
> fundamental design can't protect against this, right? It's
> indistinguishable 
> from, say, a massive amount of unidirectional SIP traffic. 

Definitely a possibility. DDoS over Tor is already a problem (see LOIC),
but perhaps UDP support would exacerbate that beyond what is manageable.

> Also, I question how usable udpgw would be for realtime voice or video 
> communication from a mobile device. Wrapping traffic meant to be
> "droppable" 
> into TCP means video frames coming way too late, retransmits within the
> Tor 
> network and all sorts of other issues the protocols may not be equipped
> to 
> handle.

>From my early tests it is not so bad, especially with efficient codecs
like Codec2.


-- 
  Nathan of Guardian
  nathan at guardianproject.info


More information about the Guardian-dev mailing list