[tor-relays] blocking >1 connections per ip address onto Tor DirPort

niftybunny abuse at to-surf-and-protect.net
Tue Aug 15 23:21:44 UTC 2017


The “normal” classification of DDoS is more than 250000 packets/sec to your server/vps.

You could check if it is a smurf attack or x-mas or whatever, but normally you will be null routed with 250k+ or the (hopefully) good anti-DDoS hardware of the ISP will kick in.

Markus

“Cheery was aware that Commander Vimes didn't like the phrase 'The innocent have nothing to fear', believing the innocent had everything to fear, mostly from the guilty but in the longer term even more from those who say things like 'The innocent have nothing to fear'.”

― Terry Pratchett, Snuff

> On 16. Aug 2017, at 01:16, eric gisse <jowr.pi at gmail.com> wrote:
> 
> Just out of curiosity, do DoS attacks against dirports even happen?
> 
> My server gets nailed by what my host thinks is a DoS every now and
> then but I'm yet to get details.
> 
> Does anyone have a good idea on how I would be able to classify
> traffic as an attack rather than normal "shitloads of traffic" ?
> 
> On Tue, Aug 15, 2017 at 5:22 PM, Roger Dingledine <arma at mit.edu> wrote:
>> On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote:
>>> Will a particular Tor server/client open more than 1 connection
>>> at a time to the DirPort?
>> 
>> I think we definitely want to support that in the protocol.
>> 
>> I'm not sure whether it happens right now, but it might.
>> 
>> But preventing it from happening is likely bad.
>> 
>> Note that most clients use the ORPort for fetching directory stuff,
>> and that's heading towards "all clients" as people upgrade and stop
>> using weird configurations. So the DirPort is mainly used on authorities
>> (by relays that fetch dir stuff or upload relay descriptors), and by
>> auxiliary tools like stem and the various metrics project scripts.
>> 
>> If you're worried about denial of service issues on the DirPort, maybe
>> the simple answer is to turn off the DirPort? I think the only real
>> impact might have something to do with whether old clients believe that
>> you're a usable guard.
>> 
>> --Roger
