> On 16 Aug 2017, at 14:22, tor <tor@xxxxxxxxxxxxx> wrote: > > > Note that most clients use the ORPort for fetching directory stuff, and > > that's heading towards "all clients" as people upgrade and stop using weird > > configurations. > > > If you're worried about denial of service issues on the DirPort, maybe the > > simple answer is to turn off the DirPort? I think the only real impact might > > have something to do with whether old clients believe that you're a usable > > guard. > > What about fallback directory mirrors? > Does fallback traffic go over the ORPort too? Bootstrapping clients always use the ORPort to talk to fallbacks. (Both features were introduced in 0.2.8.) Bootstrapping relays use the DirPort to talk to fallbacks. > Is it safe to disable the DirPort on a fallback relay? If you disable the DirPort, the fallback will be excluded when we next rebuild the list. We are working on ORPort-only fallbacks, but it's low priority, because the existing system works. To make it work, we need to: #18856: teach stem to talk ORPort so we can check the fallback, and #19129: modify the fallback checking script to allow ORPort-only fallbacks T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays