[tor-relays] Reapply exit policy on reload

George Hartley hartley_george at proton.me
Sat Aug 10 03:25:51 UTC 2024


P.S:

If this is a client to guard detection only, then why does my exit node also block a significant amount of DoS (I had around the same statistics when my guard probability fraction was still zero, so clearly something is working):

> Aug 09 21:08:36 matrix tor[XXX]: Aug 09 21:08:36.000 [notice] Heartbeat: DoS mitigation since startup: 6 circuits killed with too many cells, 865308797 circuits rejected, 691 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.



Thank you,

George

On Friday, August 9th, 2024 at 8:59 PM, boldsuck lists at for-privacy.net wrote:

> On Wednesday, 7 August 2024 14:30:27 CEST George Hartley via tor-relays wrote:
> 

> > This is already impossible, as both circuit and concurrent connection DoS
> > get detected and the IP in question flagged and blacklisted.
> 

> No.
> DoS has been a topic of conversation at nearly all relay meetings for over 2
> years. Enkidu and Toralf have developed Tor-ddos IPtables rules for the
> community. Article10 specifically for Tor exits and Trinity has developed the
> patch.
> 

> https://gitlab.torproject.org/tpo/core/tor/-/issues/40676
> Roger, Mike, Nick and Perry certainly wouldn't have let Trinity develop the
> feature if the current DoS mitigations in Tor had helped.
> 

> > Please see the manual on this:
> > 

> > https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled
> 

> This is a client to relay detection only. "auto" means use the consensus
> parameter. (Default: auto)
> It is defined in the consensus:
> https://consensus-health.torproject.org/#consensusparams
> 

> > > Example: 500K connections from IP 1.2.3.4
> 

> These are numbers from reality and not fantasy.
> AFAIK, Article10 and relayon already had 1,000,000 connections per IP!
> 

> --
> ╰_╯ Ciao Marco!
> 

> Debian GNU/Linux
> 

> It's free software and it gives you freedom!