[tor-relays] DDOS alerts from my provider
Toralf Förster
toralf.foerster at gmx.de
Sun Jul 14 13:54:45 UTC 2024
On 7/12/24 00:14, boldsuck wrote:
> The idea is not bad. But can you simply discard every ≤ 50-byte packet?
Probably not.
> I drop fragments and uncommon TCP MSS values.
> ip frag-off & 0x1fff != 0 counter drop
IIUC then using conntrack via iptables means that this filter cannot be
implemented, right?
> tcp flags syn tcp option maxseg size 1-536 counter drop
Is 536 == 514 + 22 (Tor packet size + IP header)? It is my
understanding that Tor sends out small TCP/IP packets besides the
514-byte ones.
--
Toralf
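As an added illustration (not code from the thread or from Tor), the two quoted nftables matches reimplemented in Python over constructed IPv4/TCP packets: `ip frag-off & 0x1fff != 0` matches only non-first fragments (offset field non-zero, regardless of the MF flag), and the `maxseg size 1-536` range applies only to SYNs that carry an MSS option. Packet fields, ports and addresses are constructed test values.

```python
import struct
from typing import Optional

def ipv4_frag_off(pkt: bytes) -> int:
    """13-bit fragment offset, the value `ip frag-off & 0x1fff` tests."""
    return struct.unpack("!H", pkt[6:8])[0] & 0x1FFF

def tcp_syn_mss(pkt: bytes) -> Optional[int]:
    """MSS option of a TCP SYN, or None if not a SYN or no MSS option present."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if not tcp[13] & 0x02:                       # SYN flag not set
        return None
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0      # options up to data offset
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of option list
            break
        if kind == 1:                            # NOP, single byte
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:            # MSS option
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def would_drop(pkt: bytes, max_mss: int = 536) -> Optional[str]:
    """Which of the two quoted rules matches first, or None if neither does."""
    if ipv4_frag_off(pkt) != 0:                  # non-first fragment: no TCP header here
        return "frag"
    mss = tcp_syn_mss(pkt)
    if mss is not None and 1 <= mss <= max_mss:  # tcp option maxseg size 1-536
        return "mss"
    return None

def build_pkt(frag_field: int = 0, syn: bool = True, mss: Optional[int] = None) -> bytes:
    """Constructed IPv4+TCP packet for testing (no checksums, zero addresses)."""
    opts = b"" if mss is None else struct.pack("!BBH", 2, 4, mss)
    opts += b"\x01" * (-len(opts) % 4)           # NOP-pad options to a 32-bit boundary
    tcp_len = 20 + len(opts)
    flags = 0x02 if syn else 0x10                # SYN, or a bare ACK
    tcp = struct.pack("!HHIIBBHHH", 40000, 9001, 1, 0,
                      (tcp_len // 4) << 4, flags, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1,
                     frag_field, 64, 6, 0, bytes(4), bytes(4))
    return ip + tcp
```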