[tor-relays] blocking >1 connections per ip address onto Tor DirPort

teor teor2345 at gmail.com
Wed Aug 23 00:15:12 UTC 2017


> On 16 Aug 2017, at 14:22, tor <tor at anondroid.com> wrote:
> 
> > Note that most clients use the ORPort for fetching directory stuff, and
> > that's heading towards "all clients" as people upgrade and stop using weird
> > configurations.
> 
> > If you're worried about denial of service issues on the DirPort, maybe the
> > simple answer is to turn off the DirPort? I think the only real impact might
> > have something to do with whether old clients believe that you're a usable
> > guard.
> 
> What about fallback directory mirrors?
> Does fallback traffic go over the ORPort too?

Bootstrapping clients always use the ORPort to talk to fallbacks.
(Both features were introduced in 0.2.8.)

Bootstrapping relays use the DirPort to talk to fallbacks.

> Is it safe to disable the DirPort on a fallback relay?

If you disable the DirPort, the fallback will be excluded when we next
rebuild the list.

We are working on ORPort-only fallbacks, but it's low priority, because
the existing system works.

To make it work, we need to:
#18856: teach stem to talk ORPort so we can check the fallback, and
#19129: modify the fallback checking script to allow ORPort-only fallbacks

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org