[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attacks are real (probably)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attacks are real (probably)
From: Alex Xu <alex_y_xu@xxxxxxxx>
Date: Mon, 11 Dec 2017 19:04:45 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 11 Dec 2017 14:05:12 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.ca; s=s2048; t=1513019089; bh=q8sOM7dQIyaueoKmDqETn2OFa9/Lc/bOjG1aalHfq4Q=; h=From:To:References:In-Reply-To:Subject:Date:From:Subject; b=KHuDwh3z14AS93eP1t9sp4wYaC0rGgYfrWqRL/Sx4vWtn6F72yPScT/8oBpnSaP/GBOj+4fq0T0gIyFLXgWNZACvqei1+vuNAdcLDMQKASzI0kJM1Kok/8OJfxHqetdLBCAFerLgQ77Dmk5miIV9qCnm7dUjIfvoZUJ0mPnWWf9dJcrBDXmVSL7muHJcbfQAVCAq3nTKO0oeKPixfECt9FBtlwCGMHmY7DbJILPeCOV/p82n6RS5t0AHWM9LDmBUCrWSUvieeRMRjM2xdDQd5EMvLIuQJ6qlPyZyRGi/txFZ3IIgWsLjKNVRKrTYvew0r3iQkn6kowZKnmwYS06QxQ==
In-reply-to: <5A2EBB52.8040909@quantentunnel.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <151300681974.21961.10028185635782855084@pink.alxu.ca> <5A2EBB52.8040909@quantentunnel.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: alot/0.6

Quoting Felix (2017-12-11 17:07:30), as excerpted
> Hi Alex
> 
> Great points.
> 
> >     conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
> 
> On FreeBSD one can do:
> 

yeah, the optimal rule would ban "bad IPs" after some threshold of
connections, like "if one IP makes >1 conn/sec for at least 1 minute ban
for 1 hour" or something. I'm hoping to fix the underlying issue in Tor
so that low-bandwidth attacks like these are less effective.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoS attacks are real (probably)
  - From: Scott Bennett

References:
- [tor-relays] DoS attacks are real (probably)
  - From: Alex Xu
- Re: [tor-relays] DoS attacks are real (probably)
  - From: Felix

Prev by Author: [tor-relays] DoS attacks are real (probably)
Next by Author: Re: [tor-relays] ISP is aking me to send a selfie holding my identity card
Previous by thread: Re: [tor-relays] DoS attacks are real (probably)
Next by thread: Re: [tor-relays] DoS attacks are real (probably)
Index(es):
- Author
- Thread