[tor-relays] We're trying out guard-n-primary-guards-to-use=2
Toralf Förster
toralf.foerster at gmx.de
Mon Jul 11 10:54:59 UTC 2022
On 7/10/22 22:28, Logforme wrote:
> A week ago I implemented connection limits per Toralf's post:
> iptables -A INPUT -p tcp --destination-port 443 -m connlimit
> --connlimit-mask 32 --connlimit-above 30 -j DROP
> This reduced the number of connections to about 10000.
>
> I just now noticed that the relay is flagged as overloaded. What to do?
> Decrease the connection limit from 32 to .. what?
> Decrease my RelayBandwidthRate even more? Seems like giving in to the DoSer.
>
There're still about 200-300 VPS systems DDoS'ing my 2 Tor relays.
The iptables rule halves the pressure.
I could nearly fully stop the DDoS by using [1].
[1] https://github.com/toralf/torutils/blob/master/ddos-inbound.sh
--
Toralf
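
One way to see which peers the connlimit rule quoted above would affect, as an added example that is not part of the original message or of the linked ddos-inbound.sh: it counts established connections per peer address to port 443 from lines in `ss -Htn` layout and lists the peers above 30. The addresses are constructed sample data, and the names `gen`, `sample_ss` and `over_limit` are hypothetical.

```shell
#!/bin/sh
# Added example: approximate what "--connlimit-mask 32 --connlimit-above 30"
# would match, by counting established connections per peer address.
# Assumed input layout (ss -Htn): State Recv-Q Send-Q Local:Port Peer:Port

# over_limit PORT LIMIT -> prints "count address" for each peer above LIMIT
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 == "ESTAB" {
            laddr = $4; peer = $5
            # keep only connections whose local port is the relay port
            if (laddr !~ (":" port "$")) next
            sub(/:[0-9]+$/, "", peer)   # drop the peer port, keep the address
            gsub(/^\[|\]$/, "", peer)   # unwrap a bracketed IPv6 address
            n[peer]++
        }
        END { for (p in n) if (n[p] > limit) print n[p], p }
    ' | sort -rn
}

# gen COUNT LOCAL PEERADDR -> COUNT constructed connection lines
gen() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "ESTAB 0 0 $2 $3:$((40000 + i))"
        i=$((i + 1))
    done
}

# Constructed sample input (documentation address ranges only)
sample_ss() {
    gen 35 203.0.113.1:443 192.0.2.10          # above the limit
    gen 3  203.0.113.1:443 198.51.100.7        # ordinary peer
    gen 31 '[2001:db8::1]:443' '[2001:db8::5]' # IPv6 peer above the limit
    gen 40 203.0.113.1:22 192.0.2.99           # other port, ignored
    echo "TIME-WAIT 0 0 203.0.113.1:443 192.0.2.10:50000"  # not established
}

sample_ss | over_limit 443 30
```

On a relay, `ss -Htn | over_limit 443 30` feeds live data to the same function.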