
Re: [tor-dev] [PATCH] Defences against the recent hidden service DoS attacks



Hello,

Some minor notes...

On Wed, 20 May 2015 20:03:38 +0100
George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> == Instructions ==
> 
> Our patch is not in an official Tor release yet, so you will need to
> use an unofficial git branch:
> 
>     https://trac.torproject.org/projects/tor/ticket/16052#comment:18

The configuration parameters are now in master (aka 0.2.7.1-alpha-dev).
It's likely that a 0.2.6.x backport will happen, but feedback would
play an instrumental part in ensuring that happens (either as a reply,
or by commenting on the trac ticket).

> Next, an operator who wants to deploy this experimental fix should
> first figure out how many simultaneous TCP connections a normal client
> would establish. For example, an IRC server would probably not need
> more than 1 simultaneous connection per user. A web server, depending
> on the use, might need something between 6 and 12 (?) simultaneous
> connections.

Per discussion with the Tor Browser developers, I have been told that 6
is the correct number for http content, and that if there are any more
streams associated with a Tor Browser user accessing a site, it would
be a Tor Browser bug.

Other browsers/protocols may require a higher or lower limit.  A
warning is logged periodically (rate limited to avoid log spam/clutter)
if circuits exceed the limit, so adjusting the parameter should be
relatively straightforward.

Regards,

-- 
Yawning Angel
