On 2022-10-19 17:10, Chris wrote:
> You may want to check these links:
> https://gitlab.torproject.org/tpo/community/support/-/issues/40093
Thank you for the reply and the links. From what I can understand, those links concern "connections". I believe my firewall rules handle that fine (they're based on Toralf's example).
My concern is about circuits. As I understand it one connection can create many circuits. If the attacker keeps the connections down to avoid being blacklisted they can create lots of circuits. And one circuit created affects 3 relays.
So what I'm looking for is a way to get the IP of big circuit creators. I understand that many circuits will come from other relays, but on my guard relay I assume the attacker also connects directly. If I can blacklist non-relays that create too many circuits I can help my relay and those downstream.