bureaucrat | 6 years ago

Actually it's not like you think.

It's OK to use guards for yourself because

1) there are thousands of non-public guards (bridges)
2) you choose the path to the rendezvous point
3) middle nodes don't know the type of the traffic

Also there are a few things wrong with your article.

  And the rendezvous point must be in this list (because you shouldn't have a private rendezvous node).
This is not true. The spec does not specify that.

  Usually Choopa LLC -- a cloud provider that is regularly used by hostile actors.
Choopa LLC is not regularly used by hostile actors. You can't say that citing one report.

  However, the relay, rendezvous, and exit nodes must be publicly known so that lots of Tor traffic will use them.
Not true with rendezvous points.

xb95|6 years ago

I work on infrastructure at Discord. Our voice and video infrastructure gets attacked quite frequently and we have pretty good tracking about which ASNs the traffic is coming from as part of our mitigation processes.

Anyway, Choopa is a common source of DDoS in our reports, so I can corroborate the OP's comment to some degree. They aren't the largest we see, but they're in the top 10 sources for us.

lima|6 years ago

As someone who used to work for a company that hosted large-scale gaming infrastructure, I can confirm that Choopa was a common source of DDoS. DigitalOcean, too, and lots of eyeball providers. Any provider who allows credit card payments has issues with outbound attacks, and some are better at responding quickly than others.

It got so bad we ended up building and deploying our own line-rate packet processing engine at our network edge to be able to deal with the weird UDP protocols gaming uses.

How much spoofed traffic do you see nowadays?

az656|6 years ago

As someone who also has similar visibility, I can also vouch for the fact that Choopa has a very lax and unenforced abuse policy.