[tor-relays] Experimental DoS mitigation is in tor master

nusenu nusenu-lists at riseup.net
Wed Jan 31 09:37:00 UTC 2018

> Thanks for your patience with the relay overload issues.
> We've merged https://bugs.torproject.org/24902 into tor git master. We'll
> be putting out an release in not too long for wider testing,
> and eventually backporting it all the way back to 0.2.9, but if you're
> the sort who enjoys running code from git, now is a great time to try it
> and let us know of problems and/or successes.
> Here's the changelog stanza:
>   o Major features:
>     - Give relays some defenses against the recent network overload. We
>       start with three defenses (default parameters in parentheses).
>       First: if a single client address makes too many connections
>       (>100), hang up on further connections. Second: if a single client
>       address makes circuits too quickly (more than 3 per second, with
>       an allowed burst of 90) while also having too many connections open
>       (3), refuse new create cells for the next while (1-2 hours). Third:
>       if a client asks to establish a rendezvous point to you directly,
>       ignore the request. These defenses can be manually controlled
>       by new torrc options, but relays will also take guidance from
>       consensus parameters, so there's no need to configure anything
>       manually. Implements ticket 24902.
> To repeat that last part: there are a bunch of torrc options you can
> use to tweak stuff, but you can leave it all at the defaults and it will
> read its instructions out of the consensus parameters:
> https://consensus-health.torproject.org/#consensusparams

And packages for Debian-based OSes are probably in the next nightly master builds
available at https://deb.torproject.org/torproject.org/dists/

twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180131/52712cfc/attachment.sig>

More information about the tor-relays mailing list