<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
class="Q4iAWc">An effect can definitely be seen.</span></span>
<span class="JLqJ4b ChMk0b"><span class="Q4iAWc"><br>
</span></span></span></p>
<p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
class="Q4iAWc">I now have an average of 30 relays and over
600 IPs in the block list.</span></span></span></p>
<p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
class="Q4iAWc"><br>
</span></span></span></p>
<div class="moz-cite-prefix">Am 07.10.22 um 09:18 schrieb Chris:<br>
</div>
<blockquote type="cite"
cite="mid:bc514f77-9e3b-ae6d-f1df-44ac68c00fd5@wcbsecurity.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font size="-1"><font face="Arial">Compare.sh will tell you how
many of the IPs in the block list are relays. You've
collected a lot more IPs in your block list. Open a terminal
and type:<br>
</font></font></p>
<p><font size="-1"><font face="Arial"> ipset -L tor-ddos and
you'll see how many IPs are sitting in your block list.</font></font></p>
<p><font size="-1"><font face="Arial"><br>
</font></font></p>
<div class="moz-cite-prefix">On 10/6/2022 1:13 PM, Richie wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9200188f-ac88-ddbf-90db-00f1183f9f58@zuviel.org">Hoi,
Chris, <br>
<br>
oh wow, that seems to help a lot. Uptime 1/2 hour now, load
50-60% and six IPs collected according to compare.sh. No signs
of overload yet. <br>
<br>
Thanks a lot, and i'll report, how things evolved. ATM, it looks
like you can add the "n00b proof"-stamp to your concept :) <br>
<br>
Greets and thanks again, <br>
Richie <br>
<br>
Am 06.10.22 um 11:47 schrieb Chris: <br>
<blockquote type="cite">Hi Richie <br>
<br>
I was a bit lost myself having to deal with the scripts and
additional packages to install. So I put something together
for myself based on the same rules and added a few twists but
in a simple text n00b proof format. It's as simple as copy and
paste and because it's all in clear text, you can modify it
without worrying about breaking any script. My rules are a tad
more strict but you can modify them as you wish. But the
concept is what @toralf has been implementing with a few
twists for efficiency's sake. <br>
<br>
You can find them here: <br>
<br>
<a class="moz-txt-link-freetext"
href="https://github.com/Enkidu-6/tor-ddos"
moz-do-not-send="true">https://github.com/Enkidu-6/tor-ddos</a>
<br>
<br>
<br>
On 10/3/2022 6:26 AM, Richie wrote: <br>
<blockquote type="cite">Hi, toralf, <br>
<br>
since i'm quite a n00b regarding iptables and shellscripts:
are there somewhere n00b-proof setup instructions for the
ddos protection scripts? <br>
here: relay (schlafschaf) with the usual connection floods,
running on Kubuntu (latest LTS) <br>
<br>
What i found out: <br>
ipset is not installed per default, added via <br>
sudo apt-get install iptables <br>
Also installed as recommended: stem, jq <br>
<br>
Trivial, nevertheless: edited the ORPort address on Line 122
<br>
Outcommented Lines 79-103 (hetzner, zwiebeltoralf only) <br>
<br>
running the script results in output as with iptables -L,
containing <br>
tcp dpt:443 #conn src/32 > 30 <br>
@ the "chain input ACCEPT" line <br>
and no entries in the chain PREROUTUNG, OUTPUT, PREROUTING
and OUTPUT lines. <br>
<br>
Strange: sudo watch ipv4-rules.sh results in <br>
1: ipv4-rules.sh: not found <br>
<br>
My apologies if its not the right place to ask. <br>
greetz <br>
Korrupt <br>
<br>
Am 03.10.22 um 09:43 schrieb Toralf Förster: <br>
<blockquote type="cite">On 9/30/22 17:57, Sandro Auerbach
wrote: <br>
<blockquote type="cite">30 minutes later still 22000
connections... <br>
Have you observed something similar? <br>
</blockquote>
<br>
I reduced those spikes [1] by using certain iptables rules
[2]. <br>
<br>
<br>
[1] <a class="moz-txt-link-freetext"
href="https://github.com/toralf/torutils/blob/main/sysstat.svg"
moz-do-not-send="true">https://github.com/toralf/torutils/blob/main/sysstat.svg</a>
<br>
[2] <a class="moz-txt-link-freetext"
href="https://github.com/toralf/torutils"
moz-do-not-send="true">https://github.com/toralf/torutils</a>
<br>
<br>
<br>
_______________________________________________ <br>
tor-relays mailing list <br>
<a class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:tor-relays@lists.torproject.org"
moz-do-not-send="true">tor-relays@lists.torproject.org</a>
<br>
<a class="moz-txt-link-freetext"
href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
<br>
</blockquote>
<br>
_______________________________________________ <br>
tor-relays mailing list <br>
<a class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:tor-relays@lists.torproject.org"
moz-do-not-send="true">tor-relays@lists.torproject.org</a>
<br>
<a class="moz-txt-link-freetext"
href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
<br>
</blockquote>
</blockquote>
<br>
_______________________________________________ <br>
tor-relays mailing list <br>
<a class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:tor-relays@lists.torproject.org"
moz-do-not-send="true">tor-relays@lists.torproject.org</a> <br>
<a class="moz-txt-link-freetext"
href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
<br>
</blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
tor-relays mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
</pre>
</blockquote>
</body>
</html>