[tor-talk] Tor 0.3.3.2-alpha is released
nusenu
nusenu-lists at riseup.net
Sat Feb 10 15:20:00 UTC 2018
thank you for this important release!
Nick Mathewson:
> o Major features (denial-of-service mitigation):
> - Give relays some defenses against the recent network overload. We
> start with three defenses (default parameters in parentheses).
> First: if a single client address makes too many concurrent
> connections (>100), hang up on further connections. Second: if a
> single client address makes circuits too quickly (more than 3 per
> second, with an allowed burst of 90) while also having too many
> connections open (3), refuse new create cells for the next while
> (1-2 hours). Third: if a client asks to establish a rendezvous
> point to you directly, ignore the request. These defenses can be
> manually controlled by new torrc options, but relays will also
> take guidance from consensus parameters, so there's no need to
> configure anything manually. Implements ticket 24902.
Do you advise relay operators against using OutboundBindAddress and OutboundBindAddressExit
due to the "is this a relay IP?" check not being able to handle such relays because their
outbound IP does not match their OR IP?
https://trac.torproject.org/projects/tor/ticket/25193
> It is possible to do "tor-in-tor" meaning a tor client connection can exit
> the network and come back at a Guard node.
>
> And if this happens to be detected by the DoS subsystem, we'll blacklist
> the Exit relay for a while. That is *NOT* good.
thank you
--
https://mastodon.social/@nusenu
twitter: @nusenu_
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20180210/a6f301e9/attachment.sig>
More information about the tor-talk
mailing list