Hi Anders,
> I'm considering not setting OutboundBindAddress on the dotsrc exit relays ( https://metrics.torproject.org/rs.html#search/dotsrc ). Wouldn't it be better if all outgoing connections came from the same IP (i.e. do not set OutboundBindAddress), for the sake of making correlation analysis harder? Say you observe an exit connection to example.com:443. If all the dotsrc relays used 185.129.61.1 as src IP, you couldn't tell which of our relays made the connection.
There are two settings that can help you with achieving both goals at the same time:
* use the inbound IP for connections to other relays: OutboundBindAddressOR
* use a single source IP for connections exiting the network: OutboundBindAddressExit
There are other points to consider though: if all users exit through the same IP, will the web become less accessible for Tor users because one bad user ruined the IP reputation for all users?
> On a related note, wrt the ongoing DDoS, here's something that might be useful to exit relay operators: what we observed was tens of thousands of open exit connections to a few IPs.
This is a known issue and there are issues on gitlab.tpo for it and 3rd party tools for exit operators.
> One way to solve this is to do some firewall foo, but I really don't like connection tracking (unnecessary CPU cycles). An alternative solution that works great for us is to lower net.ipv4.ip_local_port_range from the default of about 30,000 ports. E.g.:
>
> # sysctl -w net.ipv4.ip_local_port_range="64000 65535"
I don't think that it is a good approach to set such a low hard limit for connections to any single destination.
kind regards, nusenu
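To make the two directives from the reply concrete, here is a torrc fragment for one exit relay on a host that runs several relays. It is an added example, not taken from the thread or from the dotsrc relays' real configuration: the relay's own address 185.129.61.5, the ORPort, the nickname and the use of 185.129.61.1 as the shared exit address are all assumptions (the thread mentions 185.129.61.1 only as an illustration).

```torrc
# Example torrc for one exit relay in a multi-relay setup (added example; the
# addresses and names below are assumptions, not a real relay's configuration).

Nickname exampleExitRelay
Address 185.129.61.5          # this relay's own (inbound) IPv4 address
ORPort 185.129.61.5:9001
ExitRelay 1

# Relay-to-relay traffic keeps leaving from this relay's own address, so other
# relays and the directory authorities see the same IP that the descriptor
# advertises. This is the "inbound IP for connections to other relays" case.
OutboundBindAddressOR 185.129.61.5

# Streams leaving the Tor network use the address shared by all relays on this
# host. An observer of example.com:443 then sees 185.129.61.1 and cannot tell
# from the source address which of the relays carried the stream.
OutboundBindAddressExit 185.129.61.1

# The catch-all OutboundBindAddress is intentionally not set: the OR and Exit
# variants override it for the same address family, so it would be redundant.
```

Both directives may be given twice, once with an IPv4 and once with an IPv6 address. Two caveats worth keeping in mind: the address in OutboundBindAddressExit must be configured on the host's own interface, so relays on separate machines can only share a source address if a NAT device in front of them rewrites it; and the shared address becomes a single point of reputation, so a block triggered by one abusive stream through any relay affects the exit traffic of all of them, which is the concern raised in the reply above.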