[tor-relays] botnet? abusing/attacking guard nodes

Toralf Förster toralf.foerster at gmx.de
Tue Dec 19 18:12:34 UTC 2017


On 12/18/2017 11:10 PM, teor wrote:
> The number of active connections that can be NATed per IP address is
> limited by the number of ports: 65535. (Technically, it's 65535 per
> remote IP address and port, but most NATs don't have that much RAM
> or bandwidth.)
> 
> Also, genuine users behind a NAT would likely have multiple Tor and
> non-Tor connections open. And spare ports are needed for NAT to manage
> port churn and the TCP delay wait state on connection close.
> 
> To be more precise:
> * if all 65535 connections on an IP were open to the Tor network, and
> * the biggest Tor Guard has 0.91% Guard probability[0], then
> * it would expect to see 597 connections.

Good example, thx teor!

-- 
Toralf
PGP C4EACDDE 0076E94E
