[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

Gordon Morehouse gordon at morehouse.me
Fri Nov 8 05:34:50 UTC 2013


Lars Noodén:
> On 11/06/2013 01:26 PM, mick wrote:
>> I disagree. Dropping all traffic other than that which is 
>> explicitly required is IMHO a better practice. (And how do you
>> know in advance which ports get attacked?)
> 
> Using reject instead of drop simplifies troubleshooting.
> 
> http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
> 
> Drop tends to get in the way.

I agree with the above document, but on really low-end hardware (hi,
I'm the resident Raspberry Pi person ;)), and with consumer routers,
REJECT can also cause problems during a Tor SYN flood by consuming
resources on both the relay and the router.

Since I *do* agree with REJECTing when possible, I do a two-stage
approach and only DROP hosts which have proven themselves more
aggressive than I can deal with during an overload condition.  This
saves some resources to keep the relay alive.

Best,
-Gordon M.


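One way to express the two-stage approach described in the message above, as an added example that is not from the post or from the Tor project: a script that prints an `iptables-restore` ruleset in either reject-only or two-stage form. The ORPort (9001), the chain and list names, and every threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, never touches the live firewall.
# Port, chain/list names and every threshold are assumptions, not the poster's values.
OR_PORT="${OR_PORT:-9001}"               # relay ORPort (assumed)
ACCEPT_RATE="${ACCEPT_RATE:-10/second}"  # per-source SYNs let through
REJECT_RATE="${REJECT_RATE:-30/minute}"  # per-source RSTs we agree to send
BAN_SECONDS="${BAN_SECONDS:-600}"        # silent-drop period for aggressive hosts

# emit_rules MODE   where MODE is "reject-only" or "two-stage"
emit_rules() {
    mode="$1"
    printf '%s\n' '*filter' ':TOR_SYN - [0:0]' \
        "-A INPUT -p tcp --dport $OR_PORT --syn -j TOR_SYN"

    if [ "$mode" = "two-stage" ]; then
        # Stage 2 is checked first: a listed source costs one list lookup and
        # no reply packet. --update restarts its timer while it keeps sending.
        echo "-A TOR_SYN -m recent --name tor_abuse --update --seconds $BAN_SECONDS -j DROP"
    fi

    # Sources inside their SYN budget reach the relay normally.
    echo "-A TOR_SYN -m hashlimit --hashlimit-name tor_syn --hashlimit-mode srcip --hashlimit-upto $ACCEPT_RATE --hashlimit-burst 20 -j ACCEPT"

    if [ "$mode" = "two-stage" ]; then
        # Stage 1: over budget, answer with a RST, but only up to REJECT_RATE.
        echo "-A TOR_SYN -p tcp -m hashlimit --hashlimit-name tor_rst --hashlimit-mode srcip --hashlimit-upto $REJECT_RATE --hashlimit-burst 30 -j REJECT --reject-with tcp-reset"
        # Still sending past the RST budget: list the source and go silent.
        echo "-A TOR_SYN -m recent --name tor_abuse --set -j DROP"
    else
        # Reject-only: every excess SYN costs a RST on the relay and the router.
        echo "-A TOR_SYN -p tcp -j REJECT --reject-with tcp-reset"
    fi
    echo "COMMIT"
}

# Run directly: print the requested variant (two-stage by default).
emit_rules "${1:-two-stage}"
```

Check the output with `iptables-restore --test` before loading it, and load it with `--noflush` so the rest of the filter table is left in place.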

