[tor-relays] Experimental DoS mitigation is in tor master
nusenu
nusenu-lists at riseup.net
Wed Jan 31 09:37:00 UTC 2018
> Thanks for your patience with the relay overload issues.
>
> We've merged https://bugs.torproject.org/24902 into tor git master. We'll
> be putting out an 0.3.3.2-alpha release in not too long for wider testing,
> and eventually backporting it all the way back to 0.2.9, but if you're
> the sort who enjoys running code from git, now is a great time to try it
> and let us know of problems and/or successes.
>
> Here's the changelog stanza:
>
> o Major features:
> - Give relays some defenses against the recent network overload. We
> start with three defenses (default parameters in parentheses).
> First: if a single client address makes too many connections
> (>100), hang up on further connections. Second: if a single client
> address makes circuits too quickly (more than 3 per second, with
> an allowed burst of 90) while also having too many connections open
> (3), refuse new create cells for the next while (1-2 hours). Third:
> if a client asks to establish a rendezvous point to you directly,
> ignore the request. These defenses can be manually controlled
> by new torrc options, but relays will also take guidance from
> consensus parameters, so there's no need to configure anything
> manually. Implements ticket 24902.
>
> To repeat that last part: there are a bunch of torrc options you can
> use to tweak stuff, but you can leave it all at the defaults and it will
> read its instructions out of the consensus parameters:
> https://consensus-health.torproject.org/#consensusparams
And packages for Debian-based OSes are probably in the next nightly master builds
available at https://deb.torproject.org/torproject.org/dists/
--
https://mastodon.social/@nusenu
twitter: @nusenu_
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180131/52712cfc/attachment.sig>
More information about the tor-relays
mailing list