[tor-relays] DOS Protection mini RFC
George Hartley
hartley_george at proton.me
Wed Aug 14 17:38:22 UTC 2024
Sorry, slight correction, instead of NIC / network card, I meant the internet connection established by the modem itself.
Same for cable and fiber, but those usually have higher download speed, and that's what it comes down to when facing DoS attacks, how many megabytes an attacker needs to put on the line for it to drop or get null-routed automatically.
On Wednesday, August 14th, 2024 at 3:47 PM, George Hartley via tor-relays <tor-relays at lists.torproject.org> wrote:
> If there is DoS on bridges on domestic connections, or connections with very low throughput, then handling (D)DoS at an application layer becomes futile - it will simply overload the NIC.
>
> But for bridges on at least 100MbE ports, this would be a nice addition.
>
> On Sunday, August 11th, 2024 at 9:20 PM, pasture_clubbed242--- via tor-relays tor-relays at lists.torproject.org wrote:
>
> > Since it is still all fresh in our heads, I wanted to pitch an idea real fast. No idea if it was covered at a tor meeting at some point.
>
> > For bridge relay operators, such as those with very low bandwidth, it may be worth it to keep lower-than-consensus-restrictions using the DOS flags here https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled -- but this might be higher maintenance though, as keeping up to date with consensus params may be needed often.
>
> > Does it seem worth it or necessary to have a multiplier variable? Like bridges with low bandwidth can set, for example,
>
> > DoSConsensusMultiplier 0.75
>
> > In order to lower all or select values by 75%, rounding up to the nearest whole number or the configured floor value ( perhaps DoSConsensusMultiplierFloor 2 ...?).
>
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________
>
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - hartley_george at proton.me - 0xAEE8E00F.asc
Type: application/pgp-keys
Size: 657 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240814/23f39ba3/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240814/23f39ba3/attachment.sig>
More information about the tor-relays
mailing list