[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] syn flood iptables rule

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] syn flood iptables rule
From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Tue, 30 Mar 2021 19:46:14 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 31 Mar 2021 04:25:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1617126375; bh=GFgk9T+s2OKImuJ5SOtDj5juGh0iHYSaSyYMGJjYKoc=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=DhHCN5GYVtD9K/58J7MvZjP3FhPWo0ITMWYuquFIntP+BAsxxOOuyJuj68sUJnESC 4JCa9BgIy+aKa+I5/gYPOs3cvq/7eCLkcSF9YdZ7rEqHXoOB+wdWmRB+QFRRaFOdCG tdxwLXrQu+U1hose5UUSuvNaMx8Oh8nw2HY1J/Uo=
In-reply-to: <eace1eef-86e1-58df-9fd3-a10c24eeb412@gmx.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <eace1eef-86e1-58df-9fd3-a10c24eeb412@gmx.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0

On 2/22/21 3:27 PM, Toralf Förster wrote:


  # DDoS
  $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
  $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood
--update --seconds 60 --hitcount 10 -j DROP


just for the record:

In the emanwhile I do think that this idea was BS.

The reason is that if an advisory spoofs the sender address then this
eventually blocks the (spoofed) sender address thereby.

--
Toralf
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] ECONNREFUSED
Next by Author: Re: [tor-relays] ipv6 ORPort + DIRPort too ?
Previous by thread: Re: [tor-relays] This is not me
Next by thread: [tor-relays] ISP
Index(es):
- Author
- Thread