On 26 Nov 2017, at 07:14, grarpamp grarpamp@gmail.com wrote:
The subject of this new thread is detecting network attack upon tor network / relays itself.
Nick Mathewson has mentioned wanting to do this for Tor protocol violations. But we need a privacy-preserving aggregation scheme in Tor so we can do these counts safely.
(Otherwise, anyone who can remotely trigger a rare protocol violation can find out which relays a client or onion service is using.)
When we create this list, we will also think about what other kinds of attacks on the network we can reliably detect and monitor.
We're limited in the number of counters we can create for these events, and they must track integer counts.
Do you have a "top 5" list of attacks we could detect this way?
T