
NNTP + Tor Pt 2

In the last months I've spent a lot of time trying to optimize the TOR
interface with my public news (USENET) server (aioe.org), which is also
available through a hidden service at news://w4rwbqnaa6oopu5l.onion .
I'm trying to write a short document that describes this process and I
would like your opinions on some points.

1. The onion domains are extremely slow. When a client tries to open a
connection with a news server, an instance of nnrpd is loaded by xinetd
and it's kept in memory until that client closes the connection or an
amount of time has elapsed without receiving anything from that client.
This is called 'initial timeout' and it's usually set to a reasonably
low number of seconds (2) in order to quickly disconnect the clients in
order to save resources. When a client tries to establish a connection
with my server through an onion domain, a short initial timeout isn't
enough and the server closes the connection before receiving the client's
request. What is the lowest amount of time that is always enough for
TOR? Four seconds seems to be enough, is this right?

2. The TOR network is used by many (wannabe) hackers. An improper use of
some NNRP command (XOVER) can slow down the server, control messages
are forbidden, spam is not welcome. In the last months, aioe.org was
plagued by several attacks delivered through TOR. This is becoming a
problem because the server is forced to block the TOR interface in
order to avoid more serious damage. What kind of protections do you
choose for the hosts that are serving TOR services (i.e. mail servers or
web servers)?