[tor-relays] Experimental DoS mitigation is in tor master

Roger Dingledine arma at mit.edu
Wed Jan 31 09:16:52 UTC 2018


Hi folks,

Thanks for your patience with the relay overload issues.

We've merged https://bugs.torproject.org/24902 into tor git master. We'll
be putting out an 0.3.3.2-alpha release in not too long for wider testing,
and eventually backporting it all the way back to 0.2.9, but if you're
the sort who enjoys running code from git, now is a great time to try it
and let us know of problems and/or successes.

Here's the changelog stanza:

  o Major features:
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many connections
      (>100), hang up on further connections. Second: if a single client
      address makes circuits too quickly (more than 3 per second, with
      an allowed burst of 90) while also having too many connections open
      (3), refuse new create cells for the next while (1-2 hours). Third:
      if a client asks to establish a rendezvous point to you directly,
      ignore the request. These defenses can be manually controlled
      by new torrc options, but relays will also take guidance from
      consensus parameters, so there's no need to configure anything
      manually. Implements ticket 24902.

To repeat that last part: there are a bunch of torrc options you can
use to tweak stuff, but you can leave it all at the defaults and it will
read its instructions out of the consensus parameters:
https://consensus-health.torproject.org/#consensusparams

Woo,
--Roger
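
The first two defenses from the changelog stanza, modelled as a per-address connection cap plus a token bucket for circuit creation. This is an added example, not tor's implementation and not part of the original message; the third defense (rendezvous requests) is not modelled. The struct, the function names, the caller-supplied `jitter`, and reading "(3)" as "at least 3 open connections" are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Defaults quoted in the changelog stanza. */
#define MAX_CONNS  100   /* more open connections than this: hang up */
#define CIRC_RATE  3     /* tokens (circuits) refilled per second */
#define CIRC_BURST 90    /* bucket capacity */
#define MIN_CONNS  3     /* assumed to mean "at least 3 open connections" */
#define BLOCK_SECS 3600  /* block lasts BLOCK_SECS..2*BLOCK_SECS (1-2 hours) */

/* Hypothetical per-client-address state, not tor's own structure. */
typedef struct {
    uint32_t conns;          /* currently open connections */
    uint32_t tokens;         /* circuit-creation tokens left */
    uint64_t last_refill;    /* seconds */
    uint64_t blocked_until;  /* seconds; 0 = never blocked */
} client_t;

void client_init(client_t *c, uint64_t now) {
    c->conns = 0; c->tokens = CIRC_BURST;
    c->last_refill = now; c->blocked_until = 0;
}

/* Defense 1: return 1 to accept a new connection, 0 to hang up. */
int on_connect(client_t *c) {
    if (c->conns >= MAX_CONNS) return 0;
    c->conns++;
    return 1;
}

/* Defense 2: return 1 to process a create cell, 0 to refuse it.
 * jitter is caller-supplied randomness that spreads the block over 1-2 hours. */
int on_create_cell(client_t *c, uint64_t now, uint32_t jitter) {
    if (now < c->blocked_until) return 0;
    uint64_t add = (now > c->last_refill ? now - c->last_refill : 0) * CIRC_RATE;
    c->last_refill = now;
    c->tokens = add >= CIRC_BURST - c->tokens ? CIRC_BURST : c->tokens + (uint32_t)add;
    if (c->tokens > 0) { c->tokens--; return 1; }
    if (c->conns < MIN_CONNS) return 1;  /* fast, but too few connections */
    c->blocked_until = now + BLOCK_SECS + jitter % (BLOCK_SECS + 1);
    return 0;
}

int main(void) {
    client_t c; int n = 0; client_init(&c, 0);
    for (int i = 0; i < MIN_CONNS; i++) on_connect(&c);
    while (on_create_cell(&c, 0, 0)) n++;
    printf("%d create cells accepted, then refused until t=%llu\n", n, (unsigned long long)c.blocked_until);
    return 0;
}
```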


