[tor-relays] DDOS alerts from my provider

boldsuck lists at for-privacy.net
Thu Jul 11 22:14:29 UTC 2024


On Wednesday, 10 July 2024 18:34:26 CEST, Toralf Förster via tor-relays wrote:

> > https://www.petsymposium.org/foci/2024/foci-2024-0014.php
Very interesting, thanks.

> After reading that paper I do wonder if a firewall rule would work which
> drops network packets with destination to the ORport if those packets
> are shorter than a given length?

The idea is not bad. But can you simply discard every ≤ 50-byte packet?

I drop fragments and uncommon TCP MSS values.
ip frag-off & 0x1fff != 0 counter drop
tcp flags syn tcp option maxseg size 1-536 counter drop


By the way, I actually wanted to write it as a GitHub issue.
You have to adjust your Dir-auth IPs in iptables.
IP of dizum has changed and faravahar is back ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
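Added example, not code from this post or from the Tor project: a pure-Python model of the two nftables rules Marco quotes (`ip frag-off & 0x1fff != 0` and `tcp flags syn tcp option maxseg size 1-536`), run over constructed IPv4/TCP packets so the match conditions can be traced offline. It parses the real header layouts (IPv4 fragment offset field, TCP option list) rather than looking at packet length, which is the distinction Marco draws against dropping every short packet. The ORPort number (9001, tor's default) and the option to restrict the MSS rule to that port are assumptions taken from Toralf's suggestion; the quoted rules as written apply to all ports, which `orport=None` reproduces. Checksums are left zero since no host processes these packets.

```python
"""Added example, not code from the post: a pure-Python model of the two
nftables rules quoted above, run over constructed IPv4/TCP packets so the
match conditions can be traced offline (checksums are left zero; the ORPort
number is an assumption, tor's default 9001)."""
import struct

# "tcp option maxseg size 1-536" -> drop SYNs whose MSS option is in 1..536
MSS_DROP_RANGE = range(1, 537)


def parse_mss(opts: bytes):
    """Walk TCP options (kind, length, data) and return the MSS value (kind 2)
    if present; stop on End-of-list or a malformed length rather than over-read."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # No-operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts):   # kind byte with no length byte
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 fixed header; decode the TCP header only when this is
    an unfragmented packet or a first fragment (frag-off == 0) carrying TCP."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "frag_off": flags_frag & 0x1FFF,          # nft: ip frag-off & 0x1fff
        "more_fragments": bool(flags_frag & 0x2000),
        "proto": proto,
        "tcp": None,
    }
    if proto == 6 and info["frag_off"] == 0 and len(pkt) >= ihl + 20:
        tcp = pkt[ihl:]
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        data_off = (off_flags >> 12) * 4
        info["tcp"] = {
            "sport": sport,
            "dport": dport,
            "syn": bool(off_flags & 0x002),       # SYN flag bit
            "mss": parse_mss(tcp[20:data_off]),
        }
    return info


def verdict(pkt: bytes, orport=9001) -> str:
    """Apply the two rules in order. orport=None means 'any destination port',
    matching the quoted rules as written; a port number restricts the MSS rule
    to traffic aimed at the ORPort, as suggested in the quoted reply."""
    info = parse_ipv4_tcp(pkt)
    if info["frag_off"] != 0:                     # rule 1: non-first fragments
        return "drop: non-first fragment"
    tcp = info["tcp"]
    if (tcp and tcp["syn"] and tcp["mss"] in MSS_DROP_RANGE
            and (orport is None or tcp["dport"] == orport)):
        return f"drop: SYN with MSS {tcp['mss']}"  # rule 2
    return "accept"


def build_packet(dport, syn=True, mss=None, frag_off=0, more_frags=False) -> bytes:
    """Constructed test input: IPv4 + TCP header with optional MSS option.
    Addresses are from the 192.0.2.0/24 documentation range; checksums are 0."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    opts += b"\x00" * (-len(opts) % 4)            # pad to 32-bit boundary
    data_off = 5 + len(opts) // 4
    flags = 0x02 if syn else 0x10                 # SYN or bare ACK
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 0, 0,
                      (data_off << 12) | flags, 65535, 0, 0) + opts
    flags_frag = (0x2000 if more_frags else 0) | (frag_off & 0x1FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags_frag,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp


if __name__ == "__main__":
    for label, pkt in [
        ("SYN, MSS 536", build_packet(9001, mss=536)),
        ("SYN, MSS 1460", build_packet(9001, mss=1460)),
        ("ACK, no options", build_packet(9001, syn=False)),
        ("fragment, offset 185", build_packet(9001, mss=536, frag_off=185)),
    ]:
        print(f"{label:22s} -> {verdict(pkt)}")
```

Two details worth noting from the model: the fragment rule only matches non-first fragments (offset field non-zero), so a first fragment with MF set still reaches the TCP checks; and the MSS rule never matches a SYN that carries no MSS option at all, because there is no value to compare against the range.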