[tor-relays] Relays spamming my OR port

Andreas Kempe kempe at lysator.liu.se
Fri Aug 19 13:40:32 UTC 2022


On Thu, Aug 18, 2022 at 06:19:06PM +0200, lists at for-privacy.net wrote:
> On Wednesday, 17 August 2022 19:31:48 CEST Logforme wrote:
> > I run the relay 8F6A78B1EA917F2BF221E87D14361C050A70CCC3
> > 
> > I have tried to mitigate the current DoS by implementing connection
> > limits in my iptables using Toralf's template: more than 25 connections
> > during 10 mins and you end up on my naughty list.
> > Lots of connection attempts from the naughty list dropped but still my
> > relay gets "overloaded"
> > 
> > However, I have noticed that a few relays also end up on the naughty
> > list, and I wonder how that can happen. My understanding is that a relay
> > will only open 1 connection to another relay so should therefore never
> > end up on the list. Correct?
> 
> 10, 20 or more users can have set up the circuits using the same relays.
> kantorkel's Article10 relays have more than 100 connections per IP to me.
> 
> On my smaller relays I allow 100 connections per IP:
> https://privatebin.deblan.org/?b4768471c3c9e7ef#EhDETgMKQRvpL6VwH7ABE3bN2cuM68PRVj3fmmAC8k54
> 
> But I can't use that on the big servers because Linux kernel “conntrack” tables and nftables sets only have 65535 entries.
> See: The dark side of using conntrack
> https://blog.cloudflare.com/conntrack-tales-one-thousand-and-one-flows/
> 

Is your 65535 limit self-imposed? I'm running a server that is not
Tor related, on Linux, where I was hitting conntrack table limits, so I
increased the limit by setting net.nf_conntrack_max=500000 since I
have memory to spare.

As far as I'm aware, there is no hard limit in the kernel as long as
you have memory for it.

> > D767979FE4C99D310A46EC49037E9FE7E3F64E9D is a particularly frequent
> > naughty boy.
> ;-)  It is very, very unlikely that there is a naughty relay in AS680.
> That relay most likely does DNS, BW or network health tests in the Tor network.
> https://metrics.torproject.org/rs.html#search/as:AS680
> (German university or research institutes)
> 
> > I guess my real question is if these connections are legit and I'm
> > hurting the Tor network by using connection limits?
> Yes, never block other relays.
> If you think there is a malicious relay somewhere, report it on bad-relays or in this list.
> 
> 
> -- 
> ╰_╯ Ciao Marco!
> 
> Debian GNU/Linux
> 
> It's free software and it gives you freedom!



> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
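Andreas's point that 65535 is not a hard conntrack limit, as an added example that is not part of the thread: a POSIX shell script (assumed function names conntrack_usage_pct, conntrack_buckets_for, conntrack_report) that reads the live entry count from /proc, reports how close the table is to nf_conntrack_max, and prints the commands to raise it. Current kernels expose the sysctl as net.netfilter.nf_conntrack_max (net.nf_conntrack_max in the thread is the older alias); the 80% alarm threshold and the sample numbers are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): measure conntrack table headroom and
# show how to raise the limit. /proc paths and sysctl names are the real
# netfilter ones; the 80% threshold is a constructed, assumed policy.

# Percent of nf_conntrack_max currently in use.
conntrack_usage_pct() {
    count=$1
    max=$2
    [ "$max" -gt 0 ] 2>/dev/null || { echo "invalid nf_conntrack_max: $max" >&2; return 1; }
    echo $(( count * 100 / max ))
}

# Hash table size to pair with a given nf_conntrack_max. The kernel's own
# default is max = buckets * 4; keeping that ratio avoids long bucket chains
# when max is raised far above the default.
conntrack_buckets_for() {
    echo $(( $1 / 4 ))
}

# Report usage from /proc (or from a directory passed as $1, for testing) and
# print the commands to raise the limit when the table is nearly full.
conntrack_report() {
    dir=${1:-/proc/sys/net/netfilter}
    count=$(cat "$dir/nf_conntrack_count") || return 1
    max=$(cat "$dir/nf_conntrack_max") || return 1
    pct=$(conntrack_usage_pct "$count" "$max") || return 1
    echo "conntrack: $count / $max entries ($pct% used)"
    if [ "$pct" -ge 80 ]; then
        newmax=500000   # the value Andreas uses in the thread; size it to your RAM
        echo "WARNING: table nearly full; new flows beyond $max are dropped"
        echo "         (kernel logs 'nf_conntrack: table full, dropping packet')."
        echo "Raise the limit (persist it in /etc/sysctl.d/):"
        echo "  sysctl -w net.netfilter.nf_conntrack_max=$newmax"
        echo "  echo $(conntrack_buckets_for $newmax) > /sys/module/nf_conntrack/parameters/hashsize"
    fi
    return 0
}
```

Run it as root on the relay with no arguments; each entry costs memory, so raise the limit only as far as the host's RAM allows, as Andreas notes.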


