[tor-relays] can dirport be disabled on fallback directory?

Felix zwiebel at quantentunnel.de
Sun May 20 08:04:18 UTC 2018


Am 19-May-18 um 16:28 schrieb starlight.2017q4 at binnacle.cx:
> Dirport is a handy convenience, but is not essential to proper
> functioning of the network.  Put a connection rate-limit on
> dirport and it stopped the abuser cold.  Dirport traffic went
> from 15% of total back down to 1-2% where it belongs.
> Nonetheless the questions posed are valid.
> At 12:25 5/18/2018 -0400, starlight.2017q4 at binnacle.cx wrote:
>> Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.

It makes sense to rate limit (syn/sec) and connection limit Dirport
usage. I do this since years. The smaller a relay is the more it suffers
from excessive clients.
Can we get the DOS mitigation to perform it? As long as I observe this
issue it behaves like the Orport misuse in the near past.

Cheers, Felix

More information about the tor-relays mailing list