[tor-talk] Tor is released

nusenu nusenu-lists at riseup.net
Sat Feb 10 15:20:00 UTC 2018

thank you for this important release!

Nick Mathewson:
>   o Major features (denial-of-service mitigation):
>     - Give relays some defenses against the recent network overload. We
>       start with three defenses (default parameters in parentheses).
>       First: if a single client address makes too many concurrent
>       connections (>100), hang up on further connections. Second: if a
>       single client address makes circuits too quickly (more than 3 per
>       second, with an allowed burst of 90) while also having too many
>       connections open (3), refuse new create cells for the next while
>       (1-2 hours). Third: if a client asks to establish a rendezvous
>       point to you directly, ignore the request. These defenses can be
>       manually controlled by new torrc options, but relays will also
>       take guidance from consensus parameters, so there's no need to
>       configure anything manually. Implements ticket 24902.

Do you advise relay operators against using OutboundBindAddress and OutboundBindAddressExit
due to the "is this a relay IP?" check not being able to handle such relays because their
outbound IP does not match their OR IP?

> It is possible to do "tor-in-tor" meaning a tor client connection can exit
>  the network and come back at a Guard node.
>  And if this happens to be detected by the DoS subsystem, we'll blacklist
>  the Exit relay for a while. That is *NOT* good.

thank you

twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20180210/a6f301e9/attachment.sig>

More information about the tor-talk mailing list