[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
gordon at morehouse.me
Fri Nov 8 05:34:50 UTC 2013
> On 11/06/2013 01:26 PM, mick wrote:
>> I disagree. Dropping all traffic other than that which is
>> explicitly required is IMHO a better practice. (And how do you
>> know in advance which ports get attacked?)
> Using reject instead of drop simplifies troubleshooting.
> Drop tends to get in the way.
I agree with the above document, but on really low-end hardware (hi,
I'm the resident Raspberry Pi person ;)), and with consumer routers,
REJECT can also cause problems during a Tor SYN flood by consuming
resources on both the relay and the router.
Since I *do* agree with REJECTing when possible, I do a two-stage
approach and only DROP hosts which have proven themselves more
aggressive than I can deal with during an overload condition. This
saves some resources to keep the relay alive.
-Gordon M.
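
One way to express the two-stage REJECT-then-DROP approach described in the message above, as an added example that is not from the original post or the poster's own configuration. It assumes "aggressive" means exceeding a per-source rate tracked with the iptables hashlimit match; the function name, the ORPort value and the rate and burst figures are hypothetical, and the ruleset admits only the ORPort, so management ports need their own ACCEPT rules.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a two-stage policy.
# Sources that stay under a per-source budget get an explicit REJECT;
# sources that exceed it are silently DROPped, so the relay stops spending
# packets on them. Port, rate and burst are assumed values.

# emit_two_stage_rules ORPORT REJECTS_PER_SECOND BURST
emit_two_stage_rules() {
    orport=$1 rate=$2 burst=$3
    # Accept only plain positive integers, so an argument can never
    # smuggle extra rule text into the generated ruleset.
    for n in "$orport" "$rate" "$burst"; do
        case $n in
            ''|*[!0-9]*|0*) echo "bad argument: $n" >&2; return 1 ;;
        esac
    done
    [ "$orport" -le 65535 ] || { echo "bad port: $orport" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:UNWANTED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $orport --syn -j ACCEPT
# Add ACCEPT rules for SSH, DirPort and other wanted services above this line.
-A INPUT -j UNWANTED
# Stage 1: a source under $rate/second (burst $burst) gets an explicit refusal.
-A UNWANTED -p tcp -m hashlimit --hashlimit-name unwanted_tcp --hashlimit-mode srcip --hashlimit-upto $rate/second --hashlimit-burst $burst -j REJECT --reject-with tcp-reset
-A UNWANTED -m hashlimit --hashlimit-name unwanted_other --hashlimit-mode srcip --hashlimit-upto $rate/second --hashlimit-burst $burst -j REJECT --reject-with icmp-port-unreachable
# Stage 2: a source over its budget falls through and is dropped silently.
-A UNWANTED -j DROP
COMMIT
EOF
}

# Check the syntax without loading the rules (needs root and iptables):
#   emit_two_stage_rules 9001 5 10 | iptables-restore --test
```

Because the hashlimit buckets are keyed on source address, one noisy host exhausts only its own budget, and well-behaved clients probing a closed port still receive the REJECT that makes troubleshooting easy.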