[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attacks are real (probably)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attacks are real (probably)
From: "x9p" <tor@xxxxxxx>
Date: Mon, 11 Dec 2017 14:41:51 -0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 11 Dec 2017 11:42:16 -0500
Importance: Normal
In-reply-to: <151300681974.21961.10028185635782855084@pink.alxu.ca>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <151300681974.21961.10028185635782855084@pink.alxu.ca>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, December 11, 2017 1:40 pm, Alex Xu wrote:
> tl;dr: run this:
>
>     conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c |
> sort -n

Thanks for the detailed analysis.

> ignore numbers less than 10. the remaining output should consist of the
> following:

...

> are not NATed IPs, a high limit is not justified. I recommend against
> the blanket approach suggested previously of limiting whole sets of
> /24s, since that may inadvertently block mobile clients and is not
> effective against the current attack. As mentioned in the previous

I agree the approach of /24 connlimit is not a good approach to Exit
nodes. But for relays only worked fine for me and others.

cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE
1524 E7EE

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] DoS attacks are real (probably)
  - From: Alex Xu

Prev by Author: Re: [tor-relays] DoS attacks on multiple relays
Next by Author: Re: [tor-relays] Action relays on 188.214.30.0/24 subnet
Previous by thread: [tor-relays] DoS attacks are real (probably)
Next by thread: Re: [tor-relays] DoS attacks are real (probably)
Index(es):
- Author
- Thread