[tor-relays] botnet? abusing/attacking guard nodes

teor teor2345 at gmail.com
Mon Dec 18 22:10:06 UTC 2017


> On 19 Dec 2017, at 08:38, Toralf Förster <toralf.foerster at gmx.de> wrote:
> 
> On 12/17/2017 10:24 PM, teor wrote:
>> Using 256 per IP is probably reasonable.
> 
> Is this a rather arbitrary limit, or does this limit fit the use of NATed addresses entirely?

That's an arbitrary safe upper bound.

The number of active connections that can be NATed per IP address is
limited by the number of ports: 65535. (Technically, it's 65535 per
remote IP address and port, but most NATs don't have that much RAM
or bandwidth.)

Also, genuine users behind a NAT would likely have multiple Tor and
non-Tor connections open. And spare ports are needed for NAT to manage
port churn and the TCP delay wait state on connection close.

To be more precise:
* if all 65535 connections on an IP were open to the Tor network, and
* the biggest Tor Guard has 0.91% Guard probability[0], then
* it would expect to see 597 connections.

Feel free to do the sums for your own guard's probability.

(We are aware of the issue, and we are working on a more permanent fix.)

[0]: https://atlas.torproject.org/#details/9844B981A80B3E4B50897098E2D65167E6AEF127


T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
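The arithmetic above (all 65535 NAT ports open to Tor, times the guard's selection probability) and the 256-per-IP figure from earlier in the thread, as an added example that is not code from the post or from the Tor project. It computes the expected per-IP bound for a given guard probability and then checks actual per-IP connection counts on the ORPort against a limit. The `ss -tn` output is constructed sample data; the addresses, the ORPort 9001 and the 0.91% probability are assumptions, and the function names are this example's own.

```python
"""Per-IP connection accounting for a Tor guard (added example, not from
the tor-relays thread or the Tor code base)."""
from collections import Counter

# A NAT can multiplex at most this many TCP source ports per public IP,
# which is the bound the post starts from.
TCP_PORT_COUNT = 65535


def expected_connections(guard_probability, ports=TCP_PORT_COUNT):
    """Upper bound on connections one NATed IP could legitimately hold open
    to this guard: every port behind the NAT open to Tor, times the chance
    a client picks this guard. guard_probability is a fraction, so 0.91%
    is passed as 0.0091."""
    if not 0.0 <= guard_probability <= 1.0:
        raise ValueError("guard_probability must be a fraction in [0, 1]")
    return ports * guard_probability


def split_addr(addr):
    """Split 'host:port' or '[v6host]:port' as printed by ss into (host, port)."""
    host, port = addr.rsplit(":", 1)
    return host.strip("[]"), int(port)


def per_ip_counts(ss_output, or_port):
    """Count established connections per peer IP on the ORPort, from the
    text of: ss -tn '( sport = :9001 )'  (plain 'ss -tn' works too)."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Layout: State Recv-Q Send-Q Local:Port Peer:Port; skip the header
        # and anything not fully established.
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local, peer = fields[3], fields[4]
        if split_addr(local)[1] != or_port:
            continue  # e.g. SSH sessions on the same host
        counts[split_addr(peer)[0]] += 1
    return counts


def over_limit(counts, limit):
    """Peer IPs holding more than `limit` concurrent ORPort connections."""
    return {ip: n for ip, n in counts.items() if n > limit}


# Constructed sample ss output (documentation addresses, not real traffic):
# one peer with 300 connections, one NATed office with 4, one IPv6 client,
# and an unrelated SSH session that must be ignored.
SAMPLE_SS = "\n".join(
    ["State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port"]
    + [f"ESTAB 0 0 203.0.113.5:9001 198.51.100.7:{40000 + i}" for i in range(300)]
    + [f"ESTAB 0 0 203.0.113.5:9001 192.0.2.10:{50000 + i}" for i in range(4)]
    + ["ESTAB 0 0 203.0.113.5:22 192.0.2.99:55123",
       "ESTAB 0 0 [2001:db8::5]:9001 [2001:db8:1::7]:43210"]
)

if __name__ == "__main__":
    bound = expected_connections(0.0091)  # assumed guard probability of 0.91%
    print(f"expected per-IP bound at 0.91% guard probability: {bound:.0f}")
    counts = per_ip_counts(SAMPLE_SS, 9001)
    for ip, n in over_limit(counts, 256).items():
        print(f"{ip}: {n} connections exceeds the 256-per-IP limit")
```

With the post's 0.91% the bound comes out at roughly 596, so a 256-per-IP limit sits well under what a single fully NATed address could reach in theory, which is the sense in which 256 is a "safe" rather than a tight figure. On a real relay, feed the function the live output of `ss -tn` and your own ORPort.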