
Re: [tor-relays] botnet? abusing/attacking guard nodes



> On 18 Dec 2017, at 02:45, Logforme <m7527@xxxxxx> wrote:
> 
> My relay ran out of connections once and also crashed once so I followed the suggestions in the "DoS attacks are real (probably)" thread and implemented connection limits in my firewall. Everything has run smoothly since.
> 
> My only concern is how low I can set the number of connections per IP address. Someone wrote a legit client will only open max 2 TCP connections. I'd like this verified before I lower my limits further.

A standard tor client will only open one connection to each guard.

But please don't assume there is only one client per IPv4 address.
Many networks and even entire countries have a very small IPv4
address allocation. If you restrict it to one connection per IP
address, you will be restricting some of the people who need tor
the most. And you will push the load onto a smaller set of guards.

Using 256 per IP is probably reasonable.

If we manage to fix some bugs in the socket limits in Tor, we can
activate them only when the relay is under heavy load, which is
even better.

T


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
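
Added example (not part of the original message and not Tor's own code): before enforcing a per-IP connection limit, a relay operator can count established connections per remote address and see which addresses a given limit would restrict. It assumes `ss -tn` style columns and an ORPort of 9001; the sample lines are constructed and use documentation addresses.

```python
from collections import Counter

PER_IP_LIMIT = 256  # the per-address figure suggested in the reply above
OR_PORT = 9001      # assumption: this relay's ORPort

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def connections_per_ip(ss_lines, or_port=OR_PORT):
    """Count established connections to or_port per remote address."""
    counts = Counter()
    for line in ss_lines:
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, TIME-WAIT, short or unrelated lines
        try:
            _, local_port = split_endpoint(fields[3])
            peer_addr, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # malformed endpoint
        if local_port == or_port:
            counts[peer_addr] += 1
    return counts

def over_limit(counts, limit=PER_IP_LIMIT):
    """Addresses that a per-IP limit of `limit` would restrict."""
    return {ip: n for ip, n in counts.items() if n > limit}

def build_sample():
    """Constructed sample input, not real relay data."""
    relay = "192.0.2.10"
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # One address holding 300 connections to the ORPort.
    lines += [f"ESTAB 0 0 {relay}:9001 198.51.100.7:{40000 + i}" for i in range(300)]
    # One shared (NAT) address with 40 separate clients behind it.
    lines += [f"ESTAB 0 0 {relay}:9001 203.0.113.5:{50000 + i}" for i in range(40)]
    lines.append(f"ESTAB 0 0 {relay}:9001 203.0.113.99:51515")      # single client
    lines.append(f"ESTAB 0 0 {relay}:22 203.0.113.99:51600")        # not the ORPort
    lines.append(f"TIME-WAIT 0 0 {relay}:9001 203.0.113.99:51601")  # not established
    return lines

if __name__ == "__main__":
    counts = connections_per_ip(build_sample())
    print("restricted at 256 per IP:", over_limit(counts))
    print("restricted at 1 per IP:  ", over_limit(counts, limit=1))
```

On a live relay the same functions can be fed the lines of real `ss -tn` output instead of `build_sample()`.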