Alex Xu alex_y_xu@yahoo.ca wrote:
Quoting Felix (2017-12-11 17:07:30), as excerpted
Hi Alex
Great points.
conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
On FreeBSD one can do:
yeah, the optimal rule would ban "bad IPs" after some threshold of connections, like "if one IP makes >1 conn/sec for at least 1 minute ban for 1 hour" or something. I'm hoping to fix the underlying issue in Tor so that low-bandwidth attacks like these are less effective.
FWIW, the method that Felix posted should also work in DragonflyBSD and NetBSD. It may also work in OpenBSD, but the caveat is that the OpenBSD project has continued to develop its implementation of pf, so I don't know whether Felix's solution still works in OpenBSD. The other three BSDs' pf support has not been synchronized with that of the originating project (OpenBSD) for many years. Perhaps an OpenBSD tor relay operator can comment here on this matter.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
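The threshold rule Alex sketches ("more than 1 conn/sec for at least 1 minute, ban for 1 hour") can be checked against a connection log before anyone commits it to a firewall. The script below is an added example, not code posted by Felix, Alex or Scott. It assumes timestamped NEW-connection events shaped like `conntrack -E -o timestamp` output (the sample log is constructed inline; only the bracketed epoch, the [NEW] tag and the src=/dport= fields are relied on), flags a source when more than rate*window new connections to the ORPort fall inside any 60-second sliding window, and reports when a 1-hour ban would expire. Applying the ban is left to the relay's own firewall.

```python
"""Per-source connection-rate detector for a Tor relay ORPort (added example)."""
import re
from collections import defaultdict

RATE_THRESHOLD = 1.0   # new connections per second per source (Alex's ">1 conn/sec")
SUSTAIN_SECONDS = 60   # the rate must be exceeded across a window this long ("1 minute")
BAN_SECONDS = 3600     # "ban for 1 hour"
OR_PORT = 9001

# Line shape modelled on `conntrack -E -o timestamp` (assumption; only the epoch,
# the [NEW] tag, the first src= and the first dport= field are used).
LINE_RE = re.compile(
    r"^\[(?P<ts>\d+\.\d+)\]\s+\[NEW\]\s+tcp\b.*?\bsrc=(?P<src>\S+).*?\bdport=(?P<dport>\d+)"
)


def parse_new_connection(line, port=OR_PORT):
    """Return (epoch_seconds, src_ip) for a NEW tcp event to `port`, else None."""
    m = LINE_RE.match(line)
    if not m or int(m.group("dport")) != port:
        return None
    return float(m.group("ts")), m.group("src")


def flag_sources(events, rate=RATE_THRESHOLD, sustain=SUSTAIN_SECONDS):
    """Sliding-window check per source.

    A source is flagged the first time more than rate*sustain of its new
    connections fall inside a `sustain`-second window.  Returns
    {src: (detected_at_epoch, connections_in_window)}.  A short burst that
    exceeds the rate but not the window is deliberately not flagged.
    """
    by_src = defaultdict(list)
    for ts, src in events:
        by_src[src].append(ts)
    limit = rate * sustain
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        left = 0
        for right, t in enumerate(times):
            while t - times[left] > sustain:   # drop events older than the window
                left += 1
            count = right - left + 1
            if count > limit:
                flagged[src] = (t, count)
                break
    return flagged


def ban_list(lines, port=OR_PORT):
    """Map flagged source -> epoch at which its ban would expire."""
    events = [e for e in (parse_new_connection(l, port) for l in lines) if e]
    return {src: detected + BAN_SECONDS
            for src, (detected, _) in flag_sources(events).items()}


def build_sample_log(base=1512993600.0):
    """Constructed sample log (TEST-NET addresses): three sources, three behaviours."""
    lines = []

    def emit(ts, src, dport=OR_PORT):
        lines.append(f"[{ts:.6f}]\t    [NEW] tcp      6 120 SYN_SENT src={src} "
                     f"dst=192.0.2.1 sport=40000 dport={dport} [UNREPLIED] "
                     f"src=192.0.2.1 dst={src} sport={dport} dport=40000")

    for i in range(90):                      # 2 conn/s for 90 s -> sustained, flagged
        emit(base + i, "203.0.113.7")
        emit(base + i + 0.5, "203.0.113.7")
    for i in range(0, 120, 2):               # 0.5 conn/s for 120 s -> under the rate
        emit(base + i, "198.51.100.5")
    for i in range(30):                      # 30 conns in 10 s, then silence -> not sustained
        emit(base + i / 3.0, "192.0.2.9")
    emit(base + 5, "203.0.113.7", dport=22)  # NEW event to another port, must be ignored
    return lines


if __name__ == "__main__":
    for src, expires in ban_list(build_sample_log()).items():
        print(f"{src}: ban until epoch {expires:.0f}")
```

The sliding window is what separates a sustained flood from a one-off burst: the 192.0.2.9 source exceeds 1 conn/sec for ten seconds but never puts more than 60 connections into a 60-second window, so it is left alone, which is the behaviour one would want before turning such a rule into an automatic block.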