Re: [tor-relays] DoS stats from exits running 0.3.3.2-alpha

Subject: Re: [tor-relays] DoS stats from exits running 0.3.3.2-alpha

Date: Sat, 17 Feb 2018 09:16:09 +1100

Delivery-date: Fri, 16 Feb 2018 17:16:27 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=sBfCS//YcpgWG/Q5NvXCVOFcXmxDvRqCh2J8thDTO3o=; b=NVB7JK0oVyVWCAdVkEBB3kFhSDXkDJaVgw0VtkQrSuY11YTdf2cZYTjSI8XgQU5wud YSWEOl/6leA2tYhhBjXkIax5F4EF7gFFd4HoOUpCU3lX7/RSqqU7SaINJxech3Pv57Wp sSpKXS1Km9DgiJU/isCLaHAflO9ctglYOc/AdOsV5/CCXrii4McYbIYn1la+N0MKTeLh XJovIRPWlCGi5fuMfy0oKazuWaBVhxIM88Mu3+ck8h4h+oyMzB0VOBhp+AUOrB/ZBj/+ FLjqjLx33tLBNAOCJUejZk7yIRgm9Qtwh4rWj52nz92pMe8d7HhiV1sPxVEMa7PovrS/ 8WaA==

In-reply-to: <dbdec5f3-af1e-29ee-7202-4fbf338d1191@torproject.org>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <d9fd980d-0e22-499a-a527-d5f75c60af68@riseup.net> <dbdec5f3-af1e-29ee-7202-4fbf338d1191@torproject.org>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 17 Feb 2018, at 07:21, Matt Traudt <pastly@xxxxxxxxxxxxxx> wrote:

On 2/16/18 12:23, nusenu wrote:
I was wondering if these unfriendly tor clients are using tor's default
path selection or something else.

We think they are using Tor's bandwidth weights, but without entry guards.

They may be using one of the buggy versions that assigns exits a non-zero

weight.

If they do tor exit relays would have much smaller values in their DoS stats, right?

My exit has smaller DoS stats and connections than my guards.

And my higher-weighted guards have more connections than my

lower-weighted guards.

These DoS stats are from one of my guards:

https://trac.torproject.org/projects/tor/ticket/24902#comment:76

Would any tor exit operator (listed bellow) running 0.3.3.2-alpha be willing to share (obfuscated/not exact
counters) of their DoS log entries? (only if you do not have any additional firewall rules filtering packets)

I run an 0332-alpha relay with no extra firewall rules.

4B084AD6A0BA70761A333829F52042BB6EA009AF

In case the following gets wrapped and ruined: https://paste.debian.net/1010648/

Feb 16 01:50:55.000 [notice] Since startup, we have initiated x v1 connections, x v2 connections, x v3 connections, and 5xxxx v4 connections; and received 5x v1 connections, 1xx v2 connections, 9xx v3 connections, and 4xxxxx v4 connections.
Feb 16 01:50:55.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 2xx single hop clients refused.

On my guards, each of these figures is much higher.

But the "single hop clients refused" figure is proportional to the bandwidth

(my figure is 8x, and my bandwidth is 5x). So those clients may be using

raw bandwidth weights rather than middle weights.

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays