On Mon, December 11, 2017 1:40 pm, Alex Xu wrote:
> tl;dr: run this:
> conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n

Thanks for the detailed analysis.

> ignore numbers less than 10. the remaining output should consist of the following:
> ...
> are not NATed IPs, a high limit is not justified. I recommend against the blanket approach suggested previously of limiting whole sets of /24s, since that may inadvertently block mobile clients and is not effective against the current attack. As mentioned in the previous

I agree the approach of /24 connlimit is not a good approach for Exit nodes. But for relays only, it worked fine for me and others.
cheers.
-- x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
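
Added example, not part of either message: the per-source count from the quoted one-liner with the "ignore numbers less than 10" cut-off applied, next to the same count grouped by IPv4 /24, which shows how a /24-wide limit also catches light clients that merely share a prefix. The function names and the sample conntrack lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Reads `conntrack -L -p tcp --dport 9001` output on stdin.

# per_ip_counts MIN: "count ip" for each source with at least MIN entries.
per_ip_counts() {
    awk -v min="$1" '
        { # first src= token is the original direction; do not assume field 5
          for (i = 1; i <= NF; i++)
              if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -n
}

# per_net24_counts MIN: "count net/24 distinct_ips" for IPv4 /24s with >= MIN entries.
per_net24_counts() {
    awk -v min="$1" '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^src=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                  ip = substr($i, 5); net = ip
                  sub(/\.[0-9]+$/, ".0/24", net)
                  total[net]++
                  if (!((net, ip) in seen)) { seen[net, ip] = 1; hosts[net]++ }
                  break
              } }
        END { for (net in total) if (total[net] >= min) print total[net], net, hosts[net] }
    ' | sort -n
}

# Constructed sample: one address with 12 entries, plus four addresses in
# one /24 with 3 entries each (12 in total for that /24).
sample_conntrack() {
    i=0
    while [ "$i" -lt 12 ]; do
        p=$((40000 + i)); h=$((10 + i % 4))
        echo "tcp 6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.1 sport=$p dport=9001 src=192.0.2.1 dst=198.51.100.7 sport=9001 dport=$p [ASSURED] mark=0 use=1"
        echo "tcp 6 431990 ESTABLISHED src=203.0.113.$h dst=192.0.2.1 sport=$p dport=9001 src=192.0.2.1 dst=203.0.113.$h sport=9001 dport=$p [ASSURED] mark=0 use=1"
        i=$((i + 1))
    done
}

echo "per IP, 10 or more:";  sample_conntrack | per_ip_counts 10
echo "per /24, 10 or more:"; sample_conntrack | per_net24_counts 10
```

On a relay, pipe the real command into the functions instead of the sample, for example `conntrack -L -p tcp --dport 9001 | per_ip_counts 10`.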