[tor-relays] can dirport be disabled on fallback directory?
Felix
zwiebel at quantentunnel.de
Sun May 20 08:04:18 UTC 2018
Hi
Am 19-May-18 um 16:28 schrieb starlight.2017q4 at binnacle.cx:
> Dirport is a handy convenience, but is not essential to proper
> functioning of the network. Put a connection rate-limit on
> dirport and it stopped the abuser cold. Dirport traffic went
> from 15% of total back down to 1-2% where it belongs.
>
> Nonetheless the questions posed are valid.
>
> At 12:25 5/18/2018 -0400, starlight.2017q4 at binnacle.cx wrote:
>> Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
>>
It makes sense to rate limit (syn/sec) and connection limit Dirport
usage. I do this since years. The smaller a relay is the more it suffers
from excessive clients.
Can we get the DOS mitigation to perform it? As long as I observe this
issue it behaves like the Orport misuse in the near past.
--
Cheers, Felix
More information about the tor-relays
mailing list