[tor-relays] short conntrack DDoS attack
Toralf Förster
toralf.foerster at gmx.de
Tue Aug 8 07:21:56 UTC 2023
A few days ago the throughput of my Tor relay went down to nearly zero for
about 3 minutes. It turned out that the reason (maybe) was a change here
in my iptables rules. Specifically, I switched these 2 lines:
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
and then ran into problems a few hours later. And switched back ofc.
An explanation for the drop was given in [1]. Assuming that
explanation is right:
How is the Tor application harmed if an attacker mangles packets so that
their state is INVALID for the conntrack module but they still pass
the RELATED,ESTABLISHED rule?
[1] https://forums.gentoo.org/viewtopic-p-8798034.html
--
Toralf