
Re: Tor and NNTP

On Fri, 3 Nov 2006, Aioe wrote:

In order to avoid SYN DDoS and floods, my server accepts only a determinate
number of daily connections and bytes per IP. Trespassers are banned for a
day. While a single (end) proxy serves a single client, the total activity
generated on my host by that Tor router usually remains under this limit.
When more than one client uses the same proxy, that Tor router often exceeds
those values because the barrier is calibrated assuming a single client per
IP. Every IP can also post only 25 messages per day, which is a reasonable
limit for a single client but isn't enough when multiple users share the
same IP.

There is a fundamental flaw in this assumption that will cause you problems with a much larger user set than just Tor users. Your assumption of a 1:1 mapping of users to IP addresses also breaks for populations behind NAT. Sometimes entire organizations or networks appear to the public internet as a single set of proxy/NAT addresses, and your accounting method breaks for this set as well.


While explicitly permitting Tor routers is a step in the right direction, you're going to run into the same problems with NATted users, and that will be a tougher nut to crack.

good luck,
matto

--matt@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx<darwin><
  Moral indignation is a technique to endow the idiot with dignity.
                                                - Marshall McLuhan
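As an added illustration (not part of the thread or of aioe.org's software), a toy per-IP accounting model of the kind Aioe describes: daily connection, byte and post budgets per address with a one-day ban, showing how clients that share one address (a Tor exit or a NAT gateway) exhaust a single-client budget, and how explicitly permitting known exit routers with a larger allowance changes the outcome. Only the 25-posts-per-day figure comes from the thread; the other thresholds, the multiplier and the addresses are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed thresholds; only DAILY_POST_LIMIT is the figure quoted in the thread.
DAILY_CONN_LIMIT = 200
DAILY_BYTE_LIMIT = 20_000_000
DAILY_POST_LIMIT = 25
DAY = 86400  # bans last one day, counters reset daily


@dataclass
class Counters:
    conns: int = 0
    nbytes: int = 0
    posts: int = 0


class PerIpLimiter:
    """Per-IP budget enforcement with a per-address allowance multiplier
    for explicitly permitted (known) Tor exit routers."""

    def __init__(self, known_exits=(), exit_multiplier=1):
        self.known_exits = set(known_exits)
        self.exit_multiplier = exit_multiplier
        self.counts = defaultdict(Counters)  # keyed by (ip, day)
        self.banned_until = {}               # ip -> unix time

    def _limits(self, ip):
        m = self.exit_multiplier if ip in self.known_exits else 1
        return DAILY_CONN_LIMIT * m, DAILY_BYTE_LIMIT * m, DAILY_POST_LIMIT * m

    def record(self, ip, nbytes, posted, now):
        """Account one connection; return 'ok' or 'banned'."""
        if self.banned_until.get(ip, 0.0) > now:
            return "banned"
        c = self.counts[(ip, int(now // DAY))]
        c.conns += 1
        c.nbytes += nbytes
        c.posts += 1 if posted else 0
        conn_l, byte_l, post_l = self._limits(ip)
        if c.conns > conn_l or c.nbytes > byte_l or c.posts > post_l:
            self.banned_until[ip] = now + DAY  # trespasser banned for a day
            return "banned"
        return "ok"


def posts_rejected(limiter, shared_ip, clients, posts_each):
    """Simulate `clients` users each posting `posts_each` messages through one
    shared address within a single day; return how many posts were refused."""
    outcomes = [limiter.record(shared_ip, 2000, True, now=3600.0)
                for _ in range(clients * posts_each)]
    return outcomes.count("banned")
```

Five users behind one unrecognised address lose half their posts to the ban, while a single user never hits it; listing the address as a permitted exit with a 3x allowance lets all fifty through, which is the "explicitly permitting Tor routers" step, but does nothing for an unlisted NAT gateway.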