Tor and NNTP

Aioe estasi at aioe.org
Fri Nov 3 15:56:40 UTC 2006


I'm the owner of a large *public* news server (see http://news.aioe.org/ )  
which allows a (restricted)  read and write access to USENET groups without 
requiring an authentication. I'm also a novice with Tor. An increasing number 
of tor users is choosing my server for reading and posting on USENET. 
In order to avoid SYN DDOS and floods, my server accepts only a determinate 
number of daily connections and bytes per IP. Trespassers are banned for a 
day. While a single (end) proxy serves a single client the total activity 
generated on my host by that tor router usually remains under this limit. 
When more than a client uses the same proxy, often that tor router exceeds 
those values because the barrier is calibrated assuming a single client per 
IP. Every IP can also post only 25 messages per day which is a reasonable 
limit for a single client but it isn't enough when multiple users share the 
same IP.
Therefore sometimes some tor proxy is banned from my server due an excessive 
number of connections, bytes or posts.
I need a (server side) way to separate the tor users from the other ones: is 
this possible?
I'm supposing to setup an "hidden service" which redirects all tor users to a 
non default *local* NNTP port in order to treat them differently from the 
other clients. In this way, when the tor users access the server from the 
main DNS system (as nntp.aioe.org) they're still subjected to the standard 
rules that are applied to all clients but when they use the .onion domain a 
different (less restrictive) policy can be applied to them.  Is this a right 
way? 
If so, does tor allow to be configured in order to handle only my "hidden 
service" without providing any other tor service (my ISP doesn't like proxy 
and i've not much bandwidth)?

greetings

Paolo Amoroso (Aioe)



More information about the tor-talk mailing list