<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div class="default-style">
Hello,
</div>
<div class="default-style">
</div>
<div class="default-style">
on the evening of 2022-10-18, we (Artikel10) started getting alerts about our Tor servers, while our traffic declined sharply. When we investigated, we found that there were hundreds of thousands of TCP connections (per server) open to a single address, orders of magnitude more than any other address. We blocked this address via "ExitPolicy reject", then another one, and since then things seem to have improved.
</div>
<div class="default-style">
<div class="default-style">
</div>
<div class="default-style">
I have thrown together a small Python script to detect this and generate "ExitPolicy reject" lines automatically:
</div>
<div class="default-style">
<a href="https://github.com/artikel10/surgeprotector">https://github.com/artikel10/surgeprotector</a>
</div>
<div class="default-style">
</div>
<div class="default-style">
This is still experimental, so if you decide to give the script a try, please keep an eye on it.
</div>
<div class="default-style">
</div>
<div class="default-style">
Kind regards,
</div>
<div class="default-style">
Alexander
</div>
</div>
<div class="io-ox-signature">
<div class="default-style">
<span style="color: #999999;">-- </span>
</div>
<div class="default-style">
<span style="color: #999999;">PGP Key: <a href="https://dietrich.cx/pgp">https://dietrich.cx/pgp</a> | 0x52FA4EE1722D54EB</span>
</div>
</div>
</body>
</html>