[tor-relays] Pretty sure our exit was being synflooded

tor at t-3.net tor at t-3.net
Sun Nov 26 10:06:23 UTC 2017


Thanks for the configuration suggestions. I intentionally set the 
conntrack limit high; maybe that was not the best thing. I think I'll 
be putting it back.

Removing my extra IPTables code plus adding a reject for :8888 has 
made the exit behave properly again.

I wonder if the best possible course of action for this sort of thing 
would be within Tor itself. I don't know that it was a single client 
connection into Tor that was causing all this trouble, but maybe it 
was. One would think that one client should not be allowed to do 
something so severe with the TCP that it can single-handedly ruin a 
fast exit. Maybe a code change that forces a rate-limit that 
significantly slows down the ability of a single client to roll port 
scans should be considered by the devs.




