True, but slowing them down could still be useful.
At any rate, Suricata is a no-go for low-end relays that only have 500MB of RAM. It just hammers the pagefile.
On Sat, Oct 8, 2016 at 7:00 PM, Markus Koch niftybunny@googlemail.com wrote:
Would not help. These are bots, you can slow them down but this will not stop them at all.
Markus
2016-10-09 1:57 GMT+02:00 teor teor2345@gmail.com:
On 7 Oct 2016, at 05:07, Green Dream greendream848@gmail.com wrote:
If we're going to change anything I think it needs to happen within Tor software. Operators could leverage the existing "Exitpolicy reject" rules, or Tor could add functionality there if it's missing. Whatever we do, I think it needs to be uniform and transparent.
I had a conversation with someone at the recent tor meeting about rate-limiting Tor traffic. There are all sorts of drawbacks (blocking popular sites, for example), but I wonder if there are rate-limiting settings that would eliminate the majority of abuse reports based on default fail2ban and similar reporting system settings.
For example, I wonder if the complaints I receive about SSH could be eliminated by slowing down repeated SSH connections to the same host by a second or so.
Clearly more research is needed to work out if this is even feasible, and, if it is, what rate limits should apply to what ports.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
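Added example, not part of the thread or of Tor: a small simulation of the per-destination delay teor describes, checked against a fail2ban-style sliding-window counter, so an operator can see both whether a destination would still report and how long ordinary connections get held. The thresholds (5 connections in 600 seconds), the function names, the addresses and the traffic are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed detector thresholds for this sketch (not values from the thread):
# a destination reports a source after MAXRETRY connections in FINDTIME seconds.
MAXRETRY, FINDTIME = 5, 600.0

def shape(attempts, min_gap):
    """Exit-side limiter: hold each connection so that connections to the
    same (host, port) leave the relay at least min_gap seconds apart.
    attempts: (time, host, port) tuples sorted by time.
    Returns (release_time, host, port, added_delay) sorted by release time."""
    next_free = defaultdict(float)
    out = []
    for t, host, port in attempts:
        release = max(t, next_free[(host, port)])
        next_free[(host, port)] = release + min_gap
        out.append((release, host, port, release - t))
    return sorted(out)

def reporting_hosts(released, maxretry=MAXRETRY, findtime=FINDTIME):
    """Destination-side view: which (host, port) pairs see at least
    maxretry connections from the relay inside one findtime window."""
    windows = defaultdict(deque)
    flagged = set()
    for t, host, port, _ in released:
        w = windows[(host, port)]
        w.append(t)
        while t - w[0] > findtime:   # drop connections older than the window
            w.popleft()
        if len(w) >= maxretry:
            flagged.add((host, port))
    return flagged

def worst_delay(released, host):
    """Longest time any connection to host was held by the limiter."""
    return max(d for _, h, _, d in released if h == host)

# Constructed traffic: one automated client opening 20 SSH connections to a
# single host at 0.5 s intervals, and one ordinary user connecting twice.
BOT = [(i * 0.5, "192.0.2.10", 22) for i in range(20)]
USER = [(0.0, "198.51.100.7", 22), (60.0, "198.51.100.7", 22)]
TRAFFIC = sorted(BOT + USER)

if __name__ == "__main__":
    for gap in (0, 1, 200):
        rel = shape(TRAFFIC, gap)
        print(gap, sorted(reporting_hosts(rel)), worst_delay(rel, "198.51.100.7"))
```

Under these assumed thresholds the repeated connections still cross the counter with a one-second gap, and the gap that keeps them under it also holds the ordinary user's second connection for 140 seconds.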