
Re: [tor-relays] Performance issues/DoS from outgoing Exit connections



On Saturday, 22 October 2022 22:40:38 CEST Toralf Förster wrote:
> On 10/21/22 22:09, Alexander Dietrich wrote:
> > This is still experimental, so if you decide to give the script a try,
> > please keep an eye on it.
> 
> IMO a "reload tor" is fully sufficient and should be preferred over
> "restart", or ?
> 
> Years ago I wrote a bash script, which created for an ip to be blocked
> just an own file. Such a file can be easily removed and then tor
> reloaded to unblock that ip ;)

Just tested because Applied Privacy and I have the problem that the exit 
policy rules do not work with some IPs¹.

Last night at 10pm: IP 79.137.192.228 had 500k connections. Added the IP to 
the exit policy and reloaded tor.

Policy in that order:
ExitPolicy reject 79.137.192.228/32:*
ExitPolicy reject *:22
ExitPolicy reject *:25
ExitPolicy accept *:*

12 hours later the IP still has over 100k connections.
-> systemctl restart tor
1 hour later the IP has 0 connections :-)

¹https://gitlab.torproject.org/tpo/core/tor/-/issues/40676

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

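Added example, not part of the original message and not Tor Project code: a check for the condition reported above, where a destination that the ExitPolicy already rejects still holds established connections after a reload. It evaluates the four policy lines from the message first-match and counts peers in a constructed sample laid out like `ss -Htn state established` output; the function names and the sample addresses other than 79.137.192.228 are assumptions.

```python
import ipaddress
from collections import Counter

# ExitPolicy lines as quoted in the message above.
POLICY = """\
ExitPolicy reject 79.137.192.228/32:*
ExitPolicy reject *:22
ExitPolicy reject *:25
ExitPolicy accept *:*
"""

# Constructed sample: Recv-Q Send-Q Local:Port Peer:Port (IPv4 only).
SAMPLE_SS = """\
0 0 192.0.2.10:41000 79.137.192.228:443
0 0 192.0.2.10:41002 79.137.192.228:443
0 0 192.0.2.10:41004 198.51.100.7:443
0 0 192.0.2.10:41006 198.51.100.9:22
"""

def parse_policy(text):
    """Return [(action, network_or_None, port_or_None)] in file order.
    Handles only the forms used on this page: ADDR[/MASK]:PORT with '*' wildcards."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ExitPolicy":
            continue
        addr, port = parts[2].rsplit(":", 1)
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        rules.append((parts[1], net, None if port == "*" else int(port)))
    return rules

def decide(rules, ip, port):
    """First matching rule wins; None means no rule in the list matched."""
    for action, net, rule_port in rules:
        if (net is None or ipaddress.ip_address(ip) in net) and rule_port in (None, port):
            return action
    return None

def stale_connections(rules, ss_text):
    """Count established connections per peer IP that the policy rejects."""
    stale = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, port = fields[3].rsplit(":", 1)
        if decide(rules, ip, int(port)) == "reject":
            stale[ip] += 1
    return stale

if __name__ == "__main__":
    for ip, n in stale_connections(parse_policy(POLICY), SAMPLE_SS).most_common():
        print(f"{ip}: {n} established connections despite a reject rule")
```

On a live relay the same counter would also see connections that are not exit traffic, so compare counts before and after the reload or restart rather than reading a single number.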

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays