any middlemen seeing DoS currently?
Hans Schnehl
torvallenator at gmail.com
Fri Nov 7 16:02:16 UTC 2008
On Fri, Nov 07, 2008 at 02:49:47PM +0100, Eugen Leitl wrote:
> On Fri, Nov 07, 2008 at 02:10:32PM +0100, Olaf Selke wrote:
> > Eugen Leitl wrote:
> > > I've seen continuous table state increase since about >3.5 hours.
> > > It went up from 1 k baseline to 5 k.
> > >
> > > Anyone else seeing this?
> >
> > yes, the same here
>
> Anyone knows which kind of attack that is? Any suggestions
> how to block it (pf here) yet?
you may set the timeout values in pf.conf to rather low values.
Actually I start wondering if larger values are of any use anyway.
maybe like:
-----------------------------
set timeout interval 2
set timeout frag 5
set timeout tcp.first 5
set timeout tcp.opening 5
set timeout tcp.established 600
set timeout tcp.closing 5
set timeout tcp.finwait 3
set timeout tcp.closed 5
------------------------------
besides the default.
this will kick yourself too if the line is idle for too long.
Hans
More information about the tor-talk
mailing list