[tor-bugs] #33018 [Core Tor/Tor]: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 2 04:07:16 UTC 2020
#33018: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix
---------------------------------------+-----------------------------------
Reporter: arma | Owner: dgoulet
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor:
| 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: network-health 043-should | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------+-----------------------------------
Comment (by arma):
Replying to [comment:19 starlight]:
> How about throwing up an iptables recent module rule limiting the
maximum request rate from any single IP address and seeing if it helps?
My observation is botnet abuse often arrives with high intensity from a
limited number of addresses during a given interval. Set at a perhaps
twice the maximum rate expected of a bootstrapping relay. If it works
similar logic could be added to the relay. I have a couple of rules I'll
share privately, though it's hardly rocket science.
I believe Sebastian has done some exploration of the IP addresses, and
found that many of the requests come from their own IP address. That is,
this really is thousands of places around the internet, not just a
handful.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33018#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list