[tor-relays] Reapply exit policy on reload

boldsuck lists at for-privacy.net
Fri Aug 9 18:59:14 UTC 2024


On Wednesday, 7 August 2024 14:30:27 CEST George Hartley via tor-relays wrote:
> This is already impossible, as both circuit and concurrent connection DoS
> get detected and the IP in question flagged and blacklisted.

No.
DoS has been a topic of conversation at nearly all relay meetings for over 2 
years. Enkidu and Toralf have developed Tor-ddos IPtables rules for the 
community. Article10 specifically for Tor exits and trinity has developed the 
patch.

https://gitlab.torproject.org/tpo/core/tor/-/issues/40676
Roger, Mike, Nick and Perry certainly wouldn't have let Trinity develop the 
feature if the current DoS mitigations in Tor had helped.

> Please see the manual on this:
> 
> https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled

This is a client to relay detection only. "auto" means use the consensus 
parameter. (Default: auto)
It _is_ defined in the consensus:
https://consensus-health.torproject.org/#consensusparams

> > Example: 500K connections from IP 1.2.3.4
These are numbers from reality and not fantasy.
AFAIK, Article10 and relayon already had 1,000,000 connections per IP!


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!