
Re: [tor-relays] DDOS alerts from my provider



On 7/12/24 00:14, boldsuck wrote:
> The idea is not bad. But can you simply discard every ≤ 50-byte packet?

Probably not.

> I drop fragments and uncommon TCP MSS values.
> ip frag-off & 0x1fff != 0 counter drop

IIUC, then using conntrack via iptables means that this filter cannot be
implemented, right?

> tcp flags syn tcp option maxseg size 1-536 counter drop

Is 536 == 514 + 22 (Tor packet size + IP header)? It is my
understanding that Tor sends out small TCP/IP packets besides the
514-byte-sized ones.

--
Toralf
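Editor's note, added to this thread and not part of either poster's message: the two nftables rules quoted above are easy to misread, so below is a small userspace model of them. It builds a handful of IPv4/TCP packets by hand (constructed sample input, with arbitrary addresses and ports) and applies the same two predicates in the same order: first `ip frag-off & 0x1fff != 0` (the 13-bit fragment offset, i.e. any non-first fragment), then `tcp flags syn tcp option maxseg size 1-536` (a segment with the SYN bit set that advertises an MSS in that range; a SYN without an MSS option does not match). The SYN-flag semantics are modelled as "SYN bit set", which covers both SYN and SYN/ACK. Independently of Tor's 514-byte cell, 536 is also the IPv4 default TCP MSS from RFC 879 (576 minus 40 bytes of IP and TCP headers).

```python
"""
Userspace model of the two nftables rules quoted in the thread:

    ip frag-off & 0x1fff != 0 counter drop
    tcp flags syn tcp option maxseg size 1-536 counter drop

This is an added illustration, not nftables code: it builds a few IPv4/TCP
packets by hand (constructed sample input) and applies the same two
predicates in the same order, so you can see which packets each rule
would count and drop.
"""
import struct

IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MAXSEG = 0, 1, 2
IP_MF = 0x2000           # "more fragments" flag in the IPv4 frag field
IP_OFFSET_MASK = 0x1FFF  # the 13-bit fragment offset the nft rule masks out


def build_ipv4_tcp(flags, mss=None, frag_offset=0, more_fragments=False, payload=b""):
    """Construct a minimal IPv4+TCP packet. Checksums are left zero; the
    filter never looks at them. Addresses and ports are arbitrary."""
    options = b""
    if mss is not None:
        # A leading NOP exercises option-list walking in tcp_mss_option().
        options = bytes([TCPOPT_NOP]) + struct.pack("!BBH", TCPOPT_MAXSEG, 4, mss)
    while len(options) % 4:          # TCP header length is in 32-bit words
        options += bytes([TCPOPT_NOP])
    data_offset = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 9001,            # sport, dport (arbitrary)
                      1, 0,                   # seq, ack
                      data_offset << 4, flags,
                      65535, 0, 0) + options + payload
    frag_field = (IP_MF if more_fragments else 0) | (frag_offset & IP_OFFSET_MASK)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(tcp),  # version/IHL, TOS, total length
                     0x1234, frag_field,      # identification, flags+offset
                     64, IPPROTO_TCP, 0,      # TTL, protocol, checksum
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


def ip_frag_offset(pkt):
    """Equivalent of `ip frag-off & 0x1fff` on the raw packet."""
    return struct.unpack("!H", pkt[6:8])[0] & IP_OFFSET_MASK


def tcp_mss_option(tcp):
    """Return the MSS advertised in the TCP options, or None if absent."""
    data_offset = (tcp[12] >> 4) * 4
    opts = tcp[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                    # truncated or malformed option list
        length = opts[i + 1]
        if kind == TCPOPT_MAXSEG and length == 4 and i + 4 <= len(opts):
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def classify(pkt, mss_low=1, mss_high=536):
    """Apply the two rules in order and report which one fires, if any."""
    if ip_frag_offset(pkt) != 0:
        return "drop:fragment"       # non-first fragment: the first rule hits
    if pkt[9] != IPPROTO_TCP:
        return "accept"
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    # `tcp flags syn` is modelled as "SYN bit set", which covers SYN and
    # SYN/ACK, the only segments that legitimately carry an MSS option.
    if tcp[13] & TCP_SYN:
        mss = tcp_mss_option(tcp)
        # `tcp option maxseg size 1-536` does not match if the option is absent.
        if mss is not None and mss_low <= mss <= mss_high:
            return "drop:small-mss"
    return "accept"


if __name__ == "__main__":
    samples = {
        "SYN, MSS 536":            build_ipv4_tcp(TCP_SYN, mss=536),
        "SYN, MSS 1460":           build_ipv4_tcp(TCP_SYN, mss=1460),
        "SYN, MSS 0":              build_ipv4_tcp(TCP_SYN, mss=0),
        "SYN, no MSS option":      build_ipv4_tcp(TCP_SYN),
        "SYN/ACK, MSS 536":        build_ipv4_tcp(TCP_SYN | TCP_ACK, mss=536),
        "first fragment (MF set)": build_ipv4_tcp(TCP_ACK, more_fragments=True),
        "later fragment, off 185": build_ipv4_tcp(TCP_ACK, frag_offset=185),
    }
    for name, pkt in samples.items():
        print(f"{name:24s} -> {classify(pkt)}")
```

Two things the model makes visible that the one-line rules do not: a first fragment (offset 0, MF set) passes the fragment rule and is judged on its TCP header like any other packet, and an MSS of 0 or a SYN with no MSS option at all is not caught by `maxseg size 1-536`. In the real ruleset the `counter` keyword on each rule is what lets you see, via `nft list ruleset`, how often each one is actually firing before deciding whether the thresholds are right for your relay.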

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays