2 comments

[ 2.8 ms ] story [ 13.3 ms ] thread
Since all TOR traffic is encrypted, how can they differentiate between legitimate TOR traffic and DDOS traffic?
I assume the DDOS is not a generic flood of traffic, but rather a particular kind of traffic that causes a disproportionate ammount of work (or, rather, memory usage) in the target. In this case, the offending component would necessarily be part of the unencrypted portion of a TOR packet that the relay is processing.