[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Lars Noodén:
> On 11/06/2013 01:26 PM, mick wrote:
>> I disagree. Dropping all traffic other than that which is 
>> explicitly required is IMHO a better practice. (And how do you
>> know in advance which ports get attacked?)
> 
> Using reject instead of drop simplifies troubleshooting.
> 
> http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
> 
> Drop tends to get in the way.

I agree with the above document, but on really low-end hardware (hi,
I'm the resident Raspberry Pi person ;)), and with consumer routers,
REJECT can also cause problems during a Tor SYN flood by consuming
resources on both the relay and the router.

Since I *do* agree with REJECTing when possible, I do a two-stage
approach and only DROP hosts which have proven themselves more
aggressive than I can deal with during an overload condition.  This
saves some resources to keep the relay alive.

Best,
- -Gordon M.


-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJSfHf6AAoJED/jpRoe7/ujyfQH/AyCj4Jh0fhOQn3nRFKibofL
C0v7cJ3pzbgQCjaeBGwdCz+EDE4/aJaU4MOFAkv+HnMJbGGu9CpgQms+GVpY3P3T
H2tmev4vNQ3dLeylRPlSa/fsXUzQxsGOFSnSMc0FD6tNQGVYljKwRGsLtM0olNee
GN8GXLuLuYtoq25gF9ElAoUkDkHPHj5/R2f/3R7czY6S3SxkQs+V2rQ/uXb8VLBj
eMNCen+kNU5fhi5MhUcixkgd7ovl8599XUnWlgeEuSzjMsWhJHjv0AfmU9eEEtIJ
Sr1jY5ihgOp33ImRBr4/fuzndFI9oSTqChL8eg4ikHxsn8odQvdI9w5cflm4s8I=
=IMno
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays