
Re: any middlemen seeing DoS currently?



Hans Schnehl schrieb:
> you  may set the timeout values in pf.conf to rather low values.
> Actually I start wondering if larger values are of any use anyway.
> maybe like:
> -----------------------------
> set timeout interval 2
> set timeout frag 5  
> set timeout tcp.first 5
> set timeout tcp.opening 5
> set timeout tcp.established 600
> set timeout tcp.closing 5 
> set timeout tcp.finwait 3
> set timeout tcp.closed 5
> ------------------------------
If I am not mistaken (I don't know pf), this will terminate all idle connections
after 600s. That means that your Tor relay will at least lose idle exit
connections (maybe even circuits?) which are still valid. This is especially
bad for people using long-lived connections to instant messaging services, IRC,
and others, for which Tor prefers relays with the Stable flag. If your relay
has that flag, it may be worth keeping that in mind.

Dominik
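As an added illustration (not part of Hans Schnehl's or Dominik's messages), here is a pf.conf fragment that keeps the short timeouts for connection setup and teardown from the quoted config, but relies on pf's adaptive timeouts to shorten established states only when the state table is actually under pressure, and uses a per-rule override so that other services can have a short idle timeout without affecting connections to the relay's ORPort. The interface macro, the ORPort number and the state-limit figures are placeholders, not values from the thread:

```pf
# Added example, not from the thread. $ext_if, the ORPort and the limits are placeholders.
ext_if = "em0"
orport = "9001"

# Short timeouts for half-open and closing states, as in the quoted config,
# but leave tcp.established long enough for idle IRC/IM streams to survive.
set timeout { tcp.first 5, tcp.opening 5, tcp.closing 5, tcp.finwait 3, tcp.closed 5 }
set timeout tcp.established 86400

# Cap the state table and let pf scale all timeouts down only while it fills:
# between adaptive.start and adaptive.end entries the timeouts shrink linearly,
# reaching zero at adaptive.end. Figures are illustrative.
set limit states 100000
set timeout { adaptive.start 60000, adaptive.end 120000 }

# Relay traffic keeps the global (long) established timeout.
pass in on $ext_if proto tcp to port $orport keep state

# An unrelated service on the same host gets a short idle timeout per rule,
# so only its states are dropped after 600s of inactivity.
pass in on $ext_if proto tcp to port 22 keep state (tcp.established 600)
```

After loading the ruleset, `pfctl -s timeouts` shows the effective global values and `pfctl -s info` shows the current state count, which is what decides whether the adaptive scaling is active.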