[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attack on Tor exit relay



you can try this https://www.configserver.com/cp/csf.html


> Thanks.  I just could not see how Fail2ban would work on an ORport.  What log would it look at?  What criteria for the jail?   The fai2ban on my non-tor VPS does not yet work with IPv6,  which is partly the nature of IPV6 rather than a programming issue.  I did not realise IPV6 was ignored until a weak email account was found.  So I firewalled off most IPv6 ports instead.
>
> -----Original Message-----
> From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of potlatch
> Sent: 05 August 2019 00:04
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] DoS attack on Tor exit relay
>
> Gerry,
> At this point I have no working scripts for Tor/fail2ban.  Be happy to share if they ever materialize.  Fail2ban is sorely lacking documentation--or at least I can't find detailed docs.  I downloaded fail2ban on current debian and ubuntu VPS and got different version numbers--none were the current release.  Stay tuned or give a hand.
> -potlatch
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, August 1, 2019 4:16 AM, <gerard@xxxxxxxxxxxx> wrote:
>
>> Can we have your fail2ban scripts for the OR port? The jail and rules?
>>
>> Gerry
>>
>> -----Original Message-----
>> From: tor-relays tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx On Behalf Of teor
>> Sent: 01 August 2019 00:28
>> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
>> Subject: Re: [tor-relays] DoS attack on Tor exit relay
>>
>> Hi,
>>
>>> On 1 Aug 2019, at 02:27, Larry Brandt lbrandt@xxxxxxx wrote:
>>> Yes, I have fail2ban installed but the attack is focused on my ORPort
>> 9001.  Similarly, I have an external firewall but it permits 9001 port
>>     passage.
>>
>>     If you're trying to prevent too many connections, you can adjust the DoS
>>     torrc options:
>>     DoSConnectionEnabled 1
>>     DoSConnectionMaxConcurrentCount 1
>>     DoSConnectionDefenseType 2
>>
>>     If that works, try adjusting DoSConnectionMaxConcurrentCount a bit
>>     higher: 10 or 25 are good values.
>>
>>     T
>>
>>     --
>>     teor
>>
>>
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: pEpkey.asc
Description: application/pgp-keys

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays