[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] We're trying out guard-n-primary-guards-to-use=2



On 7/10/22 22:28, Logforme wrote:
A week ago I implemented  connection limits per Toralf's post:
iptables -A INPUT -p tcp --destination-port  443 -m connlimit --connlimit-mask 32 --connlimit-above 30 -j DROP
This reduced the number of connections to about 10000.

I just now noticed that the relay is flagged as overloaded. What to do?
Decrease the connection limit from 32 to .. what?
Decrease my RelayBandwidthRate even more? Seems like giving in to the DoSer.

There're still about 200-300 VPS systems DDoS'ing my 2 Tor relays.
The iptables rule halfs the pressure.
I could nearly fully stop the DDoS by using [1].


[1] https://github.com/toralf/torutils/blob/master/ddos-inbound.sh

--
Toralf

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays