[tor-relays] blocking >1 connections per ip address onto Tor DirPort

Roger Dingledine arma at mit.edu
Tue Aug 15 22:22:48 UTC 2017


On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote:
> Will a particular Tor server/client open more than 1 connection
> at a time from to the DirPort?

I think we definitely want to support that in the protocol.

I'm not sure whether it happens right now, but it might.

But preventing it from happening is likely bad.

Note that most clients use the ORPort for fetching directory stuff,
and that's heading towards "all clients" as people upgrade and stop
using weird configurations. So the DirPort is mainly used on authorities
(by relays that fetch dir stuff or upload relay descriptors), and by
auxiliary tools like stem and the various metrics project scripts.

If you're worried about denial of service issues on the DirPort, maybe
the simple answer is to turn off the DirPort? I think the only real
impact might have something to do with whether old clients believe that
you're a usable guard.

--Roger


