[tor-dev] [PATCH] Defences against the recent hidden service DoS attacks
Yawning Angel
yawning at schwanenlied.me
Thu May 21 15:22:08 UTC 2015
Hello,

Some minor notes...

On Wed, 20 May 2015 20:03:38 +0100
George Kadianakis <desnacked at riseup.net> wrote:
> == Instructions ==
>
> Our patch is not in an official Tor release yet, so you will need to
> use an unofficial git branch:
>
> https://trac.torproject.org/projects/tor/ticket/16052#comment:18

The configuration parameters are now in master (aka 0.2.7.1-alpha-dev).
It's likely that a 0.2.6.x backport will happen, but feedback would
play an instrumental part in ensuring that happens (either as a reply,
or by commenting on the trac ticket).

> Next, an operator who wants to deploy this experimental fix, should
> first figure out how many simultaneous TCP connections a normal client
> would establish. For example, an IRC server would probably not need
> more than 1 simultaneous connection per user. A web server, depending
> on the use, might need something between 6 to 12 (?) simultaneous
> connections.

Per discussion with the Tor Browser developers, I have been told that 6
is the correct number for http content, and that if there are any more
streams associated with a Tor Browser user accessing a site, it would
be a Tor Browser bug.

Other browsers/protocols may require a higher or lower limit. A
warning is logged periodically (rate limited to avoid log spam/clutter)
if circuits exceed the limit, so adjusting the parameter should be
relatively straightforward.

Regards,
--
Yawning Angel
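
The per-circuit stream limits discussed in this thread, as a torrc sketch added here (not part of the original message). The option names HiddenServiceMaxStreams and HiddenServiceMaxStreamsCloseCircuit are taken from the tor manual rather than from this email, and the directories and ports are hypothetical.

```torrc
# Added example. Needs a tor build that carries these options
# (master / 0.2.7.1-alpha-dev according to the message above).
# Directory paths and ports below are hypothetical.

# IRC service: a normal client needs 1 simultaneous stream per circuit.
HiddenServiceDir /var/lib/tor/irc_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServiceMaxStreams 1
# 1 = tear down a rendezvous circuit that exceeds the limit.
HiddenServiceMaxStreamsCloseCircuit 1

# Web service visited with Tor Browser: 6 streams per circuit for http content.
HiddenServiceDir /var/lib/tor/web_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceMaxStreams 6
# 0 = refuse only the excess streams and keep the circuit; useful while
# watching the rate-limited warning to confirm the limit suits real clients.
HiddenServiceMaxStreamsCloseCircuit 0
```

Both options apply to the hidden service declared by the preceding HiddenServiceDir line, so each service can carry its own limit.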