[tor-relays] Checking dos mitigation
zwiebel at quantentunnel.de
Wed Feb 14 05:35:51 UTC 2018
Thanks for looking into this
Am 14-Feb-18 um 00:25 schrieb teor:
>> On 14 Feb 2018, at 07:27, Felix <zwiebel at quantentunnel.de> wrote:
> You can adjust these options without recompiling using the
> DoS* torrc options from the man page:
> Otherwise, your relay will use the options from the consensus.
I avoided using the consensus driven values for the moment and hardcoded
>> 1) Drops off consensus for 1-2hours and returns w/o hsdir:
>> DOS_CC_CIRCUIT_BURST_DEFAULT 90
>> DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100
>> FW: 20 connects per /32 ip, rate limited to 3 per sec.
> This happened to 1/6 of my guards too, we're trying to track down
> the cause in #24902.
> It seems to happen by chance, otherwise, the lower settings
> would cause it too.
> Your firewall may be responsible, my relay went back into the
> consensus once I changed my firewall.
Not only with the new code. It was observed with 32x even more often
laxer fw settings. What brings me to the early conclusion that in this
case 90/100 on 33x acts similar to 32x. 50/50 on 33x does not show it.
More information about the tor-relays