[tor-relays] Performance issues/DoS from outgoing Exit connections

lists at for-privacy.net lists at for-privacy.net
Sun Oct 23 10:43:53 UTC 2022


On Saturday, 22 October 2022 22:40:38 CEST Toralf Förster wrote:
> On 10/21/22 22:09, Alexander Dietrich wrote:
> > This is still experimental, so if you decide to give the script a try,
> > please keep an eye on it.
> 
> IMO a "reload tor" is fully sufficient and should be preferred over
> "restart", or ?
> 
> Years ago I wrote a bash script, which created for an IP to be blocked
> just its own file. Such a file can be easily removed and then tor
> reloaded to unblock that ip ;)

Just tested because Applied Privacy and I have the problem that the exit 
policy rules do not work with some IPs¹.

Last night at 10pm: IP 79.137.192.228 had 500k connections. Added the IP to 
the exit policy and reloaded tor.

Policy in that order:
ExitPolicy reject 79.137.192.228/32:*
ExitPolicy reject *:22
ExitPolicy reject *:25
ExitPolicy accept *:*

12 hours later the IP still has over 100k connections.
-> systemctl restart tor
1 hour later the IP has 0 connections :-)

¹https://gitlab.torproject.org/tpo/core/tor/-/issues/40676

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
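
Added example, not part of the original message and not code from tor: it evaluates the ExitPolicy lines quoted in the post in first-match order and counts established connections to destinations that the policy rejects, which is the state reported after the reload. The peer list is constructed sample data, and only the rule form used in the post (one IPv4 address or `*`, one port or `*`) is handled.

```python
import ipaddress
from collections import Counter

# The policy from the post, in the same order.
TORRC = """\
ExitPolicy reject 79.137.192.228/32:*
ExitPolicy reject *:22
ExitPolicy reject *:25
ExitPolicy accept *:*
"""

# Constructed sample: remote endpoints of established outgoing connections,
# as found in the peer column of `ss -tn state established`.
PEERS = ["79.137.192.228:443"] * 5 + ["198.51.100.7:443", "203.0.113.9:80"]


def parse_policy(torrc):
    """Return [(action, network_or_None, port_or_None)] in file order."""
    rules = []
    for line in torrc.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ExitPolicy":
            continue
        addr, _, port = parts[2].rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        rules.append((parts[1], net, None if port == "*" else int(port)))
    return rules


def verdict(rules, ip, port):
    """Rules are considered first to last; the first match wins."""
    ip = ipaddress.ip_address(ip)
    for action, net, rport in rules:
        if (net is None or ip in net) and (rport is None or rport == port):
            return action
    return None  # no rule matched (tor's default policy is not modelled)


def stale_rejected(rules, peers, threshold=1):
    """Peers still connected although the current policy rejects them."""
    counts = Counter()
    for peer in peers:
        ip, _, port = peer.rpartition(":")
        if verdict(rules, ip, int(port)) == "reject":
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in stale_rejected(parse_policy(TORRC), PEERS).items():
        print(f"{ip}: {n} established connections despite reject rule")
```

A non-empty result some time after a reload points to connections that predate the rule or to the behaviour tracked in the linked issue.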