
Re: [tor-relays] DoS attacks on multiple relays



first measure on a good day how many connections per /24 your exit/relay
has, excluding those with 1, 2 or just 3 connections:

# netstat -tupan | grep ESTABLISHED | grep '/tor' |
    # foreign address column, strip the port, keep the first three octets (the /24)
    awk '{print $5}' | awk -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' |
    sort | uniq -c | sort -n |
    # drop /24s with only 1, 2 or 3 connections (count is the first field)
    awk '$1 > 3'

with this information in hand, double the maximum of it (mine was 10
connections from 188.214.30.0/24):

     10 188.214.30

iptables -A INPUT -i eth0 -p tcp -m connlimit --connlimit-above 20 \
    --connlimit-mask 24 -j REJECT --reject-with tcp-reset

cheers.

x9p

>> connlimit per /24. it does more good than evil.
>
> Any guidance on the specifics? Like how many concurrent connections to
> allow per /24? Not sure what's expected from legitimate user traffic
> through the relay... don't want to make things worse.
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>


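The measuring step and the rule-building step from the thread, as an added worked example that is not part of either post. It parses netstat-style lines with awk instead of the space-sensitive egrep pattern, skips IPv6 peers (whose colons break a split on ':'), derives the threshold as twice the busiest /24, and builds the connlimit rule. The netstat lines, the interface name eth0, the ORPort 9001 and the `--syn` and `--dport` additions are assumptions made for the example, not something the posts state.

```shell
#!/bin/sh
# Added example: per-/24 connection counting and connlimit rule derivation.
# Run as root, e.g.:  netstat -tupan | count_per_24
# (without root the PID/Program column shows "-" and nothing matches /tor).

IFACE=eth0     # assumption: interface the ORPort listens on
ORPORT=9001    # assumption: the relay's ORPort
MIN_CONNS=4    # ignore /24s with fewer connections than this (1, 2 or 3)

# Constructed sample of `netstat -tupan` output (not real relay data).
# Columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:9001           203.0.113.10:51234      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:9001           203.0.113.11:40001      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:9001           203.0.113.12:40002      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:9001           203.0.113.13:40003      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:9001           198.51.100.7:55555      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:9001           198.51.100.8:55556      ESTABLISHED 1234/tor
tcp        0      0 10.0.0.5:22             192.0.2.9:60000         ESTABLISHED 987/sshd
tcp        0      0 10.0.0.5:9001           192.0.2.20:44444        TIME_WAIT   -
tcp6       0      0 2001:db8::5:9001        2001:db8:1::7:33333     ESTABLISHED 1234/tor'

# Read netstat lines on stdin, print "<count> <a.b.c>" for every /24 that has
# at least MIN_CONNS ESTABLISHED connections to the tor process, lowest first.
count_per_24() {
    awk -v min="$MIN_CONNS" '
        # only established sockets owned by tor, and only IPv4 peers:
        # an IPv6 foreign address has several colons, so splitting on "."
        # would not yield a /24; such peers are skipped rather than miscounted
        $6 == "ESTABLISHED" && $7 ~ /\/tor$/ &&
        $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            split($5, a, ".")
            n[a[1] "." a[2] "." a[3]]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -n
}

# Read count_per_24 output on stdin, print twice the largest count
# (the thread's rule of thumb); prints 0 when there is no input.
suggest_limit() {
    awk 'BEGIN { m = 0 } $1 > m { m = $1 } END { print 2 * m }'
}

# Print the iptables rule for a given per-/24 limit. Compared with the rule
# in the post this adds --syn (refuse only new connection attempts instead
# of resetting packets of flows that are already established) and --dport
# (limit the ORPort only, so SSH and other services are not caught).
connlimit_rule() {
    printf 'iptables -A INPUT -i %s -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 24 -j REJECT --reject-with tcp-reset\n' \
        "$IFACE" "$ORPORT" "$1"
}

# Walk the procedure over the constructed sample.
counts=$(printf '%s\n' "$SAMPLE" | count_per_24)
echo "busy /24s:"
echo "$counts"
limit=$(echo "$counts" | suggest_limit)
echo "suggested --connlimit-above: $limit"
connlimit_rule "$limit"
```

On the sample only 203.0.113.0/24 (4 connections) is reported; 198.51.100.0/24 has 2 and is dropped, the sshd and TIME_WAIT sockets are ignored, and the IPv6 peer is skipped. The suggested limit is therefore 8; on a real relay run `netstat -tupan | count_per_24` over a normal day and feed the result to `suggest_limit` before installing the rule, and remember that a large NAT or a busy Tor client population behind one /24 will also be counted.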