[tor-relays] Checking dos mitigation

Felix zwiebel at quantentunnel.de
Wed Feb 14 05:35:51 UTC 2018

Thanks for looking into this

Am 14-Feb-18 um 00:25 schrieb teor:
>> On 14 Feb 2018, at 07:27, Felix <zwiebel at quantentunnel.de> wrote:
> You can adjust these options without recompiling using the
> DoS* torrc options from the man page:
> https://gitweb.torproject.org/tor.git/tree/doc/tor.1.txt#n2755
> Otherwise, your relay will use the options from the consensus.

I avoided using the consensus driven values for the moment and hardcoded
the settings.

>> 1) Drops off consensus for 1-2hours and returns w/o hsdir:
>> FW: 20 connects per /32 ip, rate limited to 3 per sec.
> This happened to 1/6 of my guards too, we're trying to track down
> the cause in #24902.
> It seems to happen by chance, otherwise, the lower settings
> would cause it too.
> Your firewall may be responsible, my relay went back into the
> consensus once I changed my firewall.

To 24902#comment:73
Not only with the new code. It was observed with 32x even more often
laxer fw settings. What brings me to the early conclusion that in this
case 90/100 on 33x acts similar to 32x. 50/50 on 33x does not show it.

Cheers, Felix

More information about the tor-relays mailing list