[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attack on Tor exit relay

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] DoS attack on Tor exit relay
From: <gerard@xxxxxxxxxxxx>
Date: Thu, 1 Aug 2019 12:16:41 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 01 Aug 2019 18:56:15 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=bulger.co.uk; s=mail; t=1564658200; bh=z+/wzhjH9Bg0peXlSxdrPBFMXDhnM58XB+8Il/eP8XA=; h=From:To:References:In-Reply-To:Subject:Date:From; b=LIEhlRycDhyl2iWoq9hH2nnrl+f8YHFFoVN0WBRroCK8P+71QHgZwMZSKxe1OTvOO OtCqt3nkd1+C9UrwDbs/yhajwExnLhoiBZjiNE9GByPVFYVoK/Z8bhCwZ2eEd5BXe3 I0LVwiI1uYZ2UE+M7rUoIQjFp/VI2gsO7OUWmTpg=
In-reply-to: <CE74D2DB-3C04-4208-A35A-47B4C652604C@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <UCE2yOt3j5aVTKaJNFoM9zhqsvt93YoNeLjkIikW0wbIss4q3eZeMxooQ-GurcRxzXBfd9__N7zkVabJolStsSMtsJTGYhndBppvd-SmDog=@protonmail.com> <34D35ED9-6575-4252-B978-D5B17C62B86B@linux-hus.dk> <3b45bceb-0db8-515f-0806-148155ac54af@cni.net> <CE74D2DB-3C04-4208-A35A-47B4C652604C@riseup.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQJJ1gEElq7146fEf9ZPP8FvDiSPwwJjEiVCAsHjV78CIB/3daXC4CmQ

Can we have your fail2ban scripts for the OR port?  The jail and rules?

Gerry

-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of teor
Sent: 01 August 2019 00:28
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attack on Tor exit relay

Hi,

> On 1 Aug 2019, at 02:27, Larry Brandt <lbrandt@xxxxxxx> wrote:
> 
> Yes, I have fail2ban installed but the attack is focused on my ORPort
9001.  Similarly, I have an external firewall but it permits 9001 port
passage.

If you're trying to prevent too many connections, you can adjust the DoS
torrc options:
DoSConnectionEnabled 1
DoSConnectionMaxConcurrentCount 1
DoSConnectionDefenseType 2

If that works, try adjusting DoSConnectionMaxConcurrentCount a bit
higher: 10 or 25 are good values.

T

--
teor
----------------------------------------------------------------------


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoS attack on Tor exit relay
  - From: potlatch

Prev by Author: Re: [tor-relays] DoS attack on Tor exit relay
Next by Author: Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths
Previous by thread: Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths
Next by thread: Re: [tor-relays] DoS attack on Tor exit relay
Index(es):
- Author
- Thread