[tor-relays] DoSer is back, Tor dev's please consider
tor
tor at anondroid.com
Fri Mar 23 03:20:54 UTC 2018
> Suggestion: DoSCircuitCreationMinConnections=1 be established in consensus
The man page for the above option says:
"Minimum threshold of concurrent connections before a client address can be flagged as executing a circuit creation DoS. In other words, once a client address reaches the circuit rate and has a minimum of NUM concurrent connections, a detection is positive. "0" means use the consensus parameter. If not defined in the consensus, the value is 3. (Default: 0)"
Reading this, I get the impression that lowering the value to 1 would negatively impact clients behind carrier NAT. Isn't that the case? If we only allow 1 concurrent connection per IP, wouldn't that prevent multiple users behind a single IP? I would think the same problem would apply to lowering DoSConnectionMaxConcurrentCount as well (which I think is currently 50 in the consensus, but I've seen suggestions to lower it to 4).
Am I misunderstanding?
More information about the tor-relays
mailing list