DoS Attacks on TOR Hidden Services

Post by Cyber Arch » Tue Apr 02, 2024 12:30 am

Types of DoS attack are aimed at different layers of the protocol stack:
a. Web app layer
b. HTTP application layer
c. TCP/IP transport layer
d. TOR network layer.

Defences Against Attacks at Each Layer:
a. CAPTCHAs, defences built into the application.
b. HTTP web application firewall.
c. TCP/IP firewall.
d. TOR network layer - not really any good solutions right now. At the moment, it's just a battle between the attacker and the defender to see who can add the most servers/resources to maximise the number of Tor circuit creations versus keeping up with Tor circuit creation requests. The Tor software needs redesigning to add costs to make TOR circuit setup expensive when thousands of simultaneous circuits are made. Another anonymity network is I2P, which the attackers haven't started DoSing yet.

When a TOR layer DoS attack is happening, it only affects the onion name being attacked. The other onion names keep working. If you keep trying long enough to reach the attacked onion name, it will eventually work, then it will continue to work normally and fast for 15 minutes. After 15 minutes, the TOR client retires the working circuit and builds a fresh one, but the process of building a fresh circuit is what a DoS attack impacts, causing intermittent failures and delays of 2-5 minutes as the browser keeps trying the connection setup.
If one onion name doesn't work after it has tried connecting for 5 minutes, then use another. When there are three alternative paths to reach your destination, choose the one with the least traffic. If none work, then a DoS attack could be targeting a different layer like the web app layer.
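
The fallback and diagnosis steps from the post above, as an added example that is not part of the original post. The onion names are constructed placeholders, and the `traffic` field is an assumed load metric, since the post does not say how traffic is measured.

```python
from dataclasses import dataclass

GIVE_UP_S = 5 * 60   # post: switch names after 5 minutes of failed connecting
DELAY_S = 2 * 60     # post: connection setup delays of 2-5 minutes under attack


@dataclass
class Probe:
    onion: str        # constructed placeholder name, not a real service
    connected: bool   # True if the connection eventually succeeded
    setup_s: float    # seconds spent on connection setup
    traffic: int      # assumed load metric for that path (lower is better)


def triage(probes):
    """Return (chosen onion name or None, suspected layer, degraded names)."""
    # Usable names connected within the 5 minute give-up window.
    ok = [p for p in probes if p.connected and p.setup_s <= GIVE_UP_S]
    # Degraded names failed outright or needed 2 minutes or more to set up.
    degraded = sorted(p.onion for p in probes
                      if not p.connected or p.setup_s >= DELAY_S)
    if not ok:
        # Every alternative fails: the post says to suspect another layer.
        return None, "other layer (e.g. web app)", degraded
    # Among the usable names, take the one with the least traffic.
    best = min(ok, key=lambda p: (p.traffic, p.setup_s))
    # Only some names degraded matches the per-name Tor-layer symptom.
    layer = "tor circuit setup" if degraded else "none"
    return best.onion, layer, degraded


# Constructed sample probes for three alternative onion names.
SAMPLE = [
    Probe("mirror-a.onion.example", False, 300.0, 10),
    Probe("mirror-b.onion.example", True, 4.2, 80),
    Probe("mirror-c.onion.example", True, 3.1, 25),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```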
