[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

Kevin Steen ks at kevinsteen.net
Wed Nov 6 10:30:30 UTC 2013


On 06/11/13 06:09, Andreas Krey wrote:
> On Tue, 05 Nov 2013 14:09:40 +0000, Thomas Hand wrote:
> ...
>> Also, use iptables! If it is a dedicated VPS then drop anything you don't
>> recognize,
> 
> What for? The ports that you want to block are rejected by the kernel
> anyway, as there is no one listening. (The minor added protection that
> malware needs to be root to disable iptables and effectively listen -
> is that worth the work?)

Dropping bad requests will reduce your bandwidth usage through not
having to send TCP RST responses, and will also increase the workload of
the attacker as they'll have to wait for a timeout on each connection.

I wouldn't recommend dropping everything, though, as it makes
troubleshooting very difficult - just drop connections to ports which
get attacked.

-Kevin
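
Added example, not part of the original message: a shell function that prints an iptables-restore ruleset which drops only the named TCP ports and leaves the INPUT policy at ACCEPT, so all other closed ports still get the kernel's normal RST. The function name `drop_rules`, the loopback exception and the use of port 9050 (from the thread subject) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: selective DROP for attacked ports only.
# Nothing here touches the live firewall; the function only prints rules.

drop_rules() {
    # Validate every port first so a typo never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Policy stays ACCEPT: unlisted closed ports are still refused with a
    # TCP RST by the kernel, which keeps troubleshooting straightforward.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Assumption: local clients reach the port over loopback and must keep working.
    echo '-A INPUT -i lo -j ACCEPT'
    for port in "$@"; do
        # DROP sends no RST, so the remote side waits for its own timeout.
        echo "-A INPUT -p tcp --dport $port -j DROP"
    done
    echo 'COMMIT'
}

# Print the ruleset for review. To load it (as root):
#   drop_rules 9050 | iptables-restore
# iptables-restore replaces the existing filter table unless run with --noflush.
drop_rules 9050
```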

