
Re: [tor-talk] Tor is released

thank you for this important release!

Nick Mathewson:
>   o Major features (denial-of-service mitigation):
>     - Give relays some defenses against the recent network overload. We
>       start with three defenses (default parameters in parentheses).
>       First: if a single client address makes too many concurrent
>       connections (>100), hang up on further connections. Second: if a
>       single client address makes circuits too quickly (more than 3 per
>       second, with an allowed burst of 90) while also having too many
>       connections open (3), refuse new create cells for the next while
>       (1-2 hours). Third: if a client asks to establish a rendezvous
>       point to you directly, ignore the request. These defenses can be
>       manually controlled by new torrc options, but relays will also
>       take guidance from consensus parameters, so there's no need to
>       configure anything manually. Implements ticket 24902.

Do you advise relay operators against using OutboundBindAddress and OutboundBindAddressExit
due to the "is this a relay IP?" check not being able to handle such relays because their
outbound IP does not match their OR IP?

> It is possible to do "tor-in-tor" meaning a tor client connection can exit
>  the network and come back at a Guard node.
>  And if this happens to be detected by the DoS subsystem, we'll blacklist
>  the Exit relay for a while. That is *NOT* good.

thank you

twitter: @nusenu_

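An added illustration, not part of the original message and not Tor's code: a toy per-address model of the first two defenses with the defaults quoted above, showing why the question about OutboundBindAddress matters. It assumes the "is this a relay IP?" check is a lookup of the peer address among the relays' OR addresses, that the connection threshold for the circuit defense means "3 or more", and that the refusal period is the lower bound of the quoted 1-2 hours; all names and addresses are constructed.

```python
import collections

# Defaults quoted in the release notes above.
MAX_CONCURRENT_CONNS = 100    # defense 1: hang up beyond this many connections
CIRC_RATE = 3.0               # defense 2: circuit tokens refilled per second
CIRC_BURST = 90.0             # defense 2: allowed burst (bucket size)
MIN_CONNS_FOR_CIRC_CHECK = 3  # defense 2: applies at >= this many connections (assumed)
REFUSE_SECS = 3600            # lower bound of the quoted "1-2 hours" (assumption)


class DosModel:
    # Toy model, not Tor's implementation. Assumption: the relay check is a
    # lookup of the peer address among the OR addresses in the consensus.
    def __init__(self, relay_or_addrs):
        self.relay_or_addrs = set(relay_or_addrs)
        self.conns = collections.Counter()  # addr -> open connections
        self.bucket = {}                    # addr -> (tokens, last refill time)
        self.refuse_until = {}              # addr -> end of refusal period

    def new_connection(self, addr):
        if addr in self.relay_or_addrs:
            return True                     # known relay: no client accounting
        if self.conns[addr] >= MAX_CONCURRENT_CONNS:
            return False                    # hang up on the further connection
        self.conns[addr] += 1
        return True

    def create_cell(self, addr, now):
        if addr in self.relay_or_addrs:
            return True
        if now < self.refuse_until.get(addr, 0.0):
            return False                    # still inside the refusal period
        tokens, last = self.bucket.get(addr, (CIRC_BURST, now))
        tokens = min(CIRC_BURST, tokens + (now - last) * CIRC_RATE)
        ok = tokens >= 1.0
        self.bucket[addr] = (tokens - 1.0 if ok else tokens, now)
        if ok or self.conns[addr] < MIN_CONNS_FOR_CIRC_CHECK:
            return True
        self.refuse_until[addr] = now + REFUSE_SECS
        return False


def accepted_in_burst(addr, cells=91):
    # Constructed scenario: relay OR address 192.0.2.10; 3 connections, burst at t=0.
    m = DosModel({"192.0.2.10"})
    for _ in range(3):
        m.new_connection(addr)
    return sum(m.create_cell(addr, 0.0) for _ in range(cells))
```

In this model `accepted_in_burst("192.0.2.10")` accepts all 91 cells, while the same burst from a separate outbound address such as `192.0.2.20` is cut off after 90 and then refused for the whole period.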

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to