On 2022-10-19 17:10, Chris wrote:
You may want to check these
links:
https://gitlab.torproject.org/tpo/community/support/-/issues/40093
https://github.com/Enkidu-6/tor-ddos
https://github.com/toralf/torutils
Thank you for the reply and the links.
From what I can understand those links concern "connections". I
believe my firewall rules handles that fine (they're based on
Toralf's example).
My concern is about circuits. As I understand it one connection can
create many circuits. If the attacker keeps the connections down to
avoid being blacklisted they can create lots of circuits. And one
circuit created affects 3 relays.
So what I'm looking for is a way to get the IP of big circuit
creators.
I understand that many circuits will come from other relays but on
my guard relay I assume the attacker also connect directly. If I can
blacklist non-relays that create too many circuits I can help my
relay and those downstream.