[tor-relays] Experimental DoS mitigation is in tor master - log entry

Felix zwiebel at quantentunnel.de
Thu Feb 1 05:25:03 UTC 2018


Hi everybody

On 31-Jan-18 at 10:16, Roger Dingledine wrote:
> now is a great time to try it and let us know of 
> problems and/or successes.

Currently just success. NTor is still pretty high, circuits and TAP
'normal'. CPU is difficult to say, still pumping lots of circuits
anyway. Settings are consensus related.

Two guards have been running for 6 hours and both show something like:
DoS mitigation since startup:
19085 circuits rejected, 14 marked addresses.
0 connections closed. 12 single hop clients refused.

A middle (is a long term guard and will get the flag back soon)
running for 10 hours shows:
DoS mitigation since startup:
67877 circuits rejected, 6 marked addresses.
0 connections closed. 263 single hop clients refused.

All are FreeBSD and behind a firewall, still: 20 connects per /32 IP, rate
limited to 3 per sec. Immediate connection flushing, multi relay shared
blocking table. Blocking duration 1 day per IP.

Going to reduce fw after 24 hours step-by-step.

Thanks for the nice piece of software!

-- 
Cheers, Felix
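
The firewall policy described in the message above, written as a pf ruleset. This is an added example, not part of the original post and not the poster's configuration: the message names only FreeBSD, so the use of pf, the interface name, the ORPort numbers and the table name `tor_dos` are all assumptions.

```pf
# Added example for pf on FreeBSD; interface, ports and table name are assumptions.
ext_if   = "em0"                 # assumption: external interface
or_ports = "{ 9001, 9002 }"      # assumption: ORPorts of the relays behind this firewall

# One table shared by all relays: an address that trips a limit on any
# ORPort is blocked for every relay.
table <tor_dos> persist

# Drop traffic from a blocked address before any other rule is evaluated.
block drop in quick on $ext_if from <tor_dos>

# Per-source limits on the ORPorts:
#   max-src-conn 20        at most 20 established connections per source address
#   max-src-conn-rate 3/1  at most 3 new connections per second per source address
#   overload <tor_dos>     add an offending address to the shared table
#   flush global           immediately kill all existing states from that address
pass in on $ext_if proto tcp from any to any port $or_ports flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 3/1, overload <tor_dos> flush global)

# Blocking duration of 1 day: pf does not age table entries on its own, so
# expire them periodically, for example from cron:
#   pfctl -t tor_dos -T expire 86400
```

The current contents of the table can be inspected with `pfctl -t tor_dos -T show`, which helps when relaxing the limits step by step.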

