Can we have your fail2ban scripts for the OR port? The jail and rules?
Gerry
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of teor Sent: 01 August 2019 00:28 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] DoS attack on Tor exit relay
Hi,
On 1 Aug 2019, at 02:27, Larry Brandt lbrandt@cni.net wrote:
Yes, I have fail2ban installed but the attack is focused on my ORPort
9001. Similarly, I have an external firewall but it permits 9001 port passage.
If you're trying to prevent too many connections, you can adjust the DoS torrc options: DoSConnectionEnabled 1 DoSConnectionMaxConcurrentCount 1 DoSConnectionDefenseType 2
If that works, try adjusting DoSConnectionMaxConcurrentCount a bit higher: 10 or 25 are good values.
T
-- teor ----------------------------------------------------------------------