[tor-relays] blocking >1 connections per ip address onto Tor DirPort

Toralf Förster toralf.foerster at gmx.de
Wed Aug 16 17:00:02 UTC 2017



On 08/16/2017 12:22 AM, Roger Dingledine wrote:
> On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote:
>> Does a particular Tor server/client open more than 1
>> connection at a time to the DirPort?
> 
> I think we definitely want to support that in the protocol.
> 
> I'm not sure whether it happens right now, but it might.
> 
> But preventing it from happening is likely bad.
> 
> Note that most clients use the ORPort for fetching directory
> stuff, and that's heading towards "all clients" as people upgrade
> and stop using weird configurations. So the DirPort is mainly used
> on authorities (by relays that fetch dir stuff or upload relay
> descriptors), and by auxiliary tools like stem and the various
> metrics project scripts.
> 
> If you're worried about denial of service issues on the DirPort,
> maybe the simple answer is to turn off the DirPort? I think the
> only real impact might have something to do with whether old
> clients believe that you're a usable guard.
> 

understood - removed those iptables rules


-- 
Toralf
PGP C4EACDDE 0076E94E

