Tor and NNTP
Matt Ghali
matt at snark.net
Sun Nov 5 19:23:48 UTC 2006
On Fri, 3 Nov 2006, Aioe wrote:
> In order to avoid SYN DDOS and floods, my server accepts only a determinate
> number of daily connections and bytes per IP. Trespassers are banned for a
> day. While a single (end) proxy serves a single client the total activity
> generated on my host by that Tor router usually remains under this limit.
> When more than one client uses the same proxy, often that Tor router exceeds
> those values because the barrier is calibrated assuming a single client per
> IP. Every IP can also post only 25 messages per day which is a reasonable
> limit for a single client but it isn't enough when multiple users share the
> same IP.

There is a fundamental flaw in this assumption that will cause you
problems with a much larger user set than just Tor users. Your
assumptions on a 1:1 mapping of users to IP addresses also break for
populations behind NAT. Sometimes entire organizations or networks
appear to the public internet as a single set of proxy/NAT
addresses, and your accounting method breaks for this set as well.

While explicitly permitting Tor routers is a step in the right
direction, you're going to run into the same problems with NATed
users, and that will be a tougher nut to crack.

good luck,
matto
--matt at snark.net------------------------------------------<darwin><
Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan
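
The accounting problem discussed in this message, as an added example that is not part of the original post or of the server's actual code: a per-IP daily post quota with a one-day ban, plus a hypothetical `shared_clients` table standing in for "explicitly permitting Tor routers". All addresses and client counts are constructed.

```python
from collections import defaultdict

POSTS_PER_CLIENT = 25  # daily post limit per IP, from the quoted message

class DailyPostQuota:
    """Per-IP post counter; an IP that exceeds its limit is banned for the day.

    shared_clients (hypothetical) maps an address the operator knows is shared,
    such as a listed Tor router, to an assumed number of clients behind it.
    Every other address is accounted as exactly one client.
    """
    def __init__(self, shared_clients=None):
        self.shared_clients = dict(shared_clients or {})
        self.posts = defaultdict(int)
        self.banned = set()

    def limit_for(self, ip):
        return POSTS_PER_CLIENT * self.shared_clients.get(ip, 1)

    def allow_post(self, ip):
        if ip in self.banned:
            return False
        if self.posts[ip] >= self.limit_for(ip):
            self.banned.add(ip)  # over the limit: refuse until the daily reset
            return False
        self.posts[ip] += 1
        return True

def refused_users(quota, ip, users, posts_each):
    """Count how many of `users` clients behind `ip` had any post refused."""
    refused = set()
    for _ in range(posts_each):
        for user in range(users):
            if not quota.allow_post(ip):
                refused.add(user)
    return len(refused)

def run_demo():
    tor_exit, nat_gw, home = "192.0.2.10", "198.51.100.7", "203.0.113.5"  # constructed
    quota = DailyPostQuota(shared_clients={tor_exit: 40})  # only the Tor router is listed
    return {
        "tor_exit": refused_users(quota, tor_exit, users=40, posts_each=3),
        "nat_gateway": refused_users(quota, nat_gw, users=40, posts_each=3),
        "home": refused_users(quota, home, users=1, posts_each=3),
    }

if __name__ == "__main__":
    print(run_demo())
```

Forty light users behind the unlisted NAT gateway are all locked out after the first 25 posts from that address, while the same population behind the listed Tor router is unaffected.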