[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Short heads up

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Short heads up
From: Neel Chauhan <neel@xxxxxxxxx>
Date: Thu, 29 Dec 2022 18:46:20 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Jan 2023 03:18:02 -0500
In-reply-to: <Z7zBwrVyjmDxEqTuOGX38-2q4FHZZDO2Tvsc9Jo9VwsJEqLslWhZgDjqGwxy-npKS00jVIu9gTl7Gj6pLDBzscfYE4byklDWErkHYHZZ8Is=@nognu.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <Z7zBwrVyjmDxEqTuOGX38-2q4FHZZDO2Tvsc9Jo9VwsJEqLslWhZgDjqGwxy-npKS00jVIu9gTl7Gj6pLDBzscfYE4byklDWErkHYHZZ8Is=@nognu.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2022-12-25 00:27, Frank Steinborn via tor-relays wrote:

Hi friends,
I made some smaller tweaks over the last few hours which shouldespecially help relays on nearly OOM or thrashing situations (makinguse of Zswap + MGLRU if available).
The rules themselves are just the same, so no changes there.

I had an exit relay which was constantly DDoSed. Instance CPU usage was40%.

Had the IP change (for another reason tho) and it didn't go away, theDDoS targeted that particular fingerprint. That server had two relays,one fortunately unaffected.

I ended up just changing the fingerprint for the affected one. Now Ihave to wait for the ramp-up phase, yay!

Merry christmas,
Frank


Best,

Neel

------- Original Message -------
On Sunday, December 4th, 2022 at 11:25 PM, Frank Steinborn<steinex@xxxxxxxx> wrote:
Hi,
I want to show you my anti DDoS solution for my relays (aswell ;-). Itworks without ipset, but with a mix of the recent and hashlimitiptables modules.
What is does:
* If one IP address tries to make 7 SYN connection attempts persecond, they are locked out for 300 seconds. If they try anotherconnection in that timeframe, the timer is reset and they are lockedout for another 300 seconds.* Threre are no more SYNs allowed if 4 connections are already in useto the ORPort.
It works very well for me. Other solutons are far more aggressive butI feel my solution works perfectly against the attacks, even if theyare not that aggresive.
On top of that, I feel its more easy to implement into ones existingfirewall solution.
You can find the repo here: https://github.com/steinex/tor-ddos

Feel free to give it a shot and feedback would be much appreciated!

Greetings,
steinex
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Short heads up
  - From: Georg Koppen

Prev by Author: Re: [tor-relays] obfs4proxy on arm64
Next by Author: [tor-relays] relayor v23.0.0 is released
Previous by thread: Re: [tor-relays] inet_csk_bind_conflict
Next by thread: Re: [tor-relays] Short heads up
Index(es):
- Author
- Thread