[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #33018 [Core Tor/Tor]: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #33018 [Core Tor/Tor]: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 02 Feb 2020 04:01:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 01 Feb 2020 23:01:10 -0500
In-reply-to: <044.461dd48d6037b51f23921d9a5574286a@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.461dd48d6037b51f23921d9a5574286a@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33018: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix
---------------------------------------+-----------------------------------
 Reporter:  arma                       |          Owner:  dgoulet
     Type:  defect                     |         Status:  assigned
 Priority:  Medium                     |      Milestone:  Tor:
                                       |  0.4.3.x-final
Component:  Core Tor/Tor               |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  network-health 043-should  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by starlight):

 How about throwing up an iptables recent module rule limiting the maximum
 request rate from any single IP address and seeing if it helps?  My
 observation is botnet abuse often arrives with high intensity from a
 limited number of addresses during a given interval.  Set at a perhaps
 twice the maximum rate expected of a bootstrapping relay.  If it works
 similar logic could be added to the relay logic.  I have a couple of rules
 I'll share privately, though it's hardly rocket science.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33018#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #33157 [Circumvention/Snowflake]: Client generates SDP with "IN IP4 0.0.0.0", causing proxy to send "client_ip=0.0.0.0" and bridge to send "USERADDR 0.0.0.0:1"
Next by Author: [tor-bugs] #33130 [Core Tor/DirAuth]: remove end-of-life tor versions 0.4.0.x from recommended versions to warn relay operators
Previous by thread: Re: [tor-bugs] #33127 [Circumvention/Snowflake]: Snowflake Extension proxy bug
Next by thread: Re: [tor-bugs] #33018 [Core Tor/Tor]: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix
Index(es):
- Author
- Thread