Hi
Am 19-May-18 um 16:28 schrieb starlight.2017q4@binnacle.cx:
Dirport is a handy convenience, but is not essential to proper functioning of the network. Put a connection rate-limit on dirport and it stopped the abuser cold. Dirport traffic went from 15% of total back down to 1-2% where it belongs.
Nonetheless the questions posed are valid.
At 12:25 5/18/2018 -0400, starlight.2017q4@binnacle.cx wrote:
Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
It makes sense to rate limit (syn/sec) and connection limit Dirport usage. I do this since years. The smaller a relay is the more it suffers from excessive clients. Can we get the DOS mitigation to perform it? As long as I observe this issue it behaves like the Orport misuse in the near past.