[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] short conntrack DDoS attack
Few days ago the throughput of my Tor relay went down to nearly zero for
about 3 minutes. It turned out that the reason (maybe) was a change here
in my iptables rules. Especially I switched these 2 lines:
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
and run then few hours later into problems. And switched back ofc.
An explanation for the dropdown was given in [1]. Given that the
explanation is right:
How is the Tor application harmed if an attacker mangles packets so that
the state of them are INVALID for the conntrack module but they do pass
the RELATED,ESTABLISHED rule ?
[1] https://forums.gentoo.org/viewtopic-p-8798034.html
--
Toralf
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays