[tor-talk] Tor 0.3.3.2-alpha is released

[nusenu]

thank you for this important release!

Nick Mathewson:
>   o Major features (denial-of-service mitigation):
>     - Give relays some defenses against the recent network overload. We
>       start with three defenses (default parameters in parentheses).
>       First: if a single client address makes too many concurrent
>       connections (>100), hang up on further connections. Second: if a
>       single client address makes circuits too quickly (more than 3 per
>       second, with an allowed burst of 90) while also having too many
>       connections open (3), refuse new create cells for the next while
>       (1-2 hours). Third: if a client asks to establish a rendezvous
>       point to you directly, ignore the request. These defenses can be
>       manually controlled by new torrc options, but relays will also
>       take guidance from consensus parameters, so there's no need to
>       configure anything manually. Implements ticket 24902.


Do you advise relay operators against using OutboundBindAddress and OutboundBindAddressExit
due to the "is this a relay IP?" check not being able to handle such relays because their
outbound IP does not match their OR IP?

https://trac.torproject.org/projects/tor/ticket/25193
> It is possible to do "tor-in-tor" meaning a tor client connection can exit
>  the network and come back at a Guard node.
> 
>  And if this happens to be detected by the DoS subsystem, we'll blacklist
>  the Exit relay for a while. That is *NOT* good.

thank you


-- 
https://mastodon.social/@nusenu
twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20180210/a6f301e9/attachment.sig>