[tor-relays] Experimental DoS mitigation is in tor master

Roger Dingledine arma at mit.edu
Wed Jan 31 09:16:52 UTC 2018

Hi folks,

Thanks for your patience with the relay overload issues.

We've merged https://bugs.torproject.org/24902 into tor git master. We'll
be putting out an release in not too long for wider testing,
and eventually backporting it all the way back to 0.2.9, but if you're
the sort who enjoys running code from git, now is a great time to try it
and let us know of problems and/or successes.

Here's the changelog stanza:

  o Major features:
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many connections
      (>100), hang up on further connections. Second: if a single client
      address makes circuits too quickly (more than 3 per second, with
      an allowed burst of 90) while also having too many connections open
      (3), refuse new create cells for the next while (1-2 hours). Third:
      if a client asks to establish a rendezvous point to you directly,
      ignore the request. These defenses can be manually controlled
      by new torrc options, but relays will also take guidance from
      consensus parameters, so there's no need to configure anything
      manually. Implements ticket 24902.

To repeat that last part: there are a bunch of torrc options you can
use to tweak stuff, but you can leave it all at the defaults and it will
read its instructions out of the consensus parameters:


More information about the tor-relays mailing list