[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] preventing DDoS is more than just network filtering

To: Chris <tor@xxxxxxxxxxxxxxx>, tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] preventing DDoS is more than just network filtering
From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Wed, 9 Nov 2022 17:34:05 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Nov 2022 11:35:08 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1668011649; bh=svo+7DOdaftdtM5IrkFCIA00ZBI4N4ac7AEt11JgRG0=; h=X-UI-Sender-Class:Date:Subject:To:References:From:In-Reply-To; b=XXqz7Ofbo4toI1zbkltcxRpOlGgPUPvmYPiBORcOFQ9bVIE1r8F0xUCi3uVAa65uM DGWCnTdYsOGI2aCTThLSwsZrKxJlC6BiyXc1fuTo0KT8+3B1GCBxCUZ8/Zj6yPmIGq Cb/Ekj80Cn9jYEGiXikL2aEHr+9TcLVnaDYleC2HjXsagDxlPjaVQa2UI/nFpQ4b7/ UUA8CSBivXd2CKxNL2042xQXwI5zAr/InLmwPVBpNU8aWJKtUhwNrNMcLKdmPThkEF GNrybr0tcbtoPS8JFSYIzmIHCM6QysM6JxpSqOllbRQ4+HBVOWjFT5UeU8S/jOXP5o MZQhQQi1W+oeQ==
In-reply-to: <695c38f4-37ca-8dea-bf88-eb9ae0ce5b70@wcbsecurity.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <70d11653-ae35-6989-822d-b43f85e6a45f@gmx.de> <695c38f4-37ca-8dea-bf88-eb9ae0ce5b70@wcbsecurity.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Ui-outboundreport: notjunk:1;M01:P0:KzWVJtDGAU0=;P55zLIeyOLSzuqN74j5bFzb0ndv oIUFnvBFlevCEQjdepX0ADap8K+F1xe/05IkgPi4QwOWsWKV3/kJL1HV4zRobSNjvhAwcHfUn /8QF/PBDc+xaXrLlwi3yCpIJC6diG3ow/1vILWGK9TpugMXeHkrgg1Kd6V4WcKlVm8UQUedOA Tc/JQsEH7LTc6lBenoqXmmgB1ubCimb2IyKQKBPJpJAtDynenYO/fFEMUWgP0gfKuWcLWU0RX CrMXABWwrArRUq3nMsITCA8fq1JkB0w82dgEbPqxT/rbQApYIJh/9gyL1SGAvyHtgtzZMzKY2 XoWaLfqJMZduYlWeSxZu94BB0Tlpig8RIeBOR4j9ceNrYfCCKcfHuTPeb1RCmmaUp1MJi/0zH mNIERyak0nhkbfU8iYWmMGFrNJRiDUbc9l0AZJDEz9JKz5QjmNLS2wGwgZwrxcJh1uxJW1fzb lShP3VQCe6/eZM3aZbKPJG6AseiVF19+Acdmp3QK0t+Ivvj5YppRrY5d8KVwJTDyr7c6kyyxr C90fkMXiLBjsYzwvfw5tG1tSPuIMLFSaq+IVpm4xX+6YMvDAUVLGneoPOeI0Wcz+qChIIVyy+ TvXewffMnFK8Ooc+j1Jx/ZXs9PMwbzkJOi8gLaNG4D0LcWlrM80s4w0zBK+nGIMsi4h5/9HaM 2cGCcSXqQErDMnp9PxMeTlhJLYH8+cvyOtABag+OBYOg3CT3RXtBvR/ARKlQF2qQHJel+IRVq dERe8FLpmJQCVpiu3pwWoKC1iohlE9FOQkXXUDBPtOV2otn4Ihlm2IBGqxMFpH8+YdNNfQ50h wBhy/ofx2IB27mbgXdKSmabLtlzMtZuxc7PUUNgCo9v+gPkAfD8RkYN9kCgepxGF41eX5koMj BO57CEIFK5Jiq5d6Rx7eFbfyGhGXQ2VHdHDwkjVZN5f3aBMqgDrvhB44RmRdWl6xG1dC7zYdr 0I0TcBD2j3EAySH8n1brv+Ujn9o=
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.0

On 11/8/22 10:57, Chris wrote:

The main reason is that a simple SYN flood can quickly fill up your
conntrack table and then legitimate packets are quietly dropped and you
won't see any problems thinking everything is perfect with your server
unless you dig into your system logs.


Hhm, my system log doesn't show any problems, maybe due to (or
regardless of?):
	CONFIG_SYN_COOKIES=y
?
Nevertheless, I updated the Readme to explain my point of view [1] [2].

[1] https://github.com/toralf/torutils#block-ddos-traffic
[2] https://github.com/toralf/torutils#rule-set

--
Toralf

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] preventing DDoS is more than just network filtering
  - From: Toralf Förster

Prev by Author: Re: [tor-relays] Need a little assistance with a relay
Next by Author: [tor-relays] preventing DDoS is more than just network filtering
Previous by thread: [tor-relays] preventing DDoS is more than just network filtering
Next by thread: [tor-relays] State of the Onion 2022
Index(es):
- Author
- Thread