[tor-onions] Protect against ddos in tor
coderman
coderman at gmail.com
Tue Feb 9 07:01:36 UTC 2016
On 2/9/16, Ann O'Nymous <ann.onymous at vfemail.net> wrote:
> ...
> Wouldn't torloris or pyloris work against that too?
>
> Are these attacks still effective against onion sites? If so, what are
> the best defenses? One can reduce webserver read and write idle times,
> but that can also block legitimate users on high latency circuits. There
> is also the flag CloseHSServiceRendCircuitsImmediatelyOnTimeout. Is it
> useful to set that to "1"?
manage sessions and lifetimes carefully; don't use apache; tune
limits.conf and sysctl; disable conntrack in kernel network filters
(if applicable); ...
most important - test before you set live!
know that your onion will survive a modest torrent by measuring it
under test first.
also,
https://trac.torproject.org/projects/tor/attachment/ticket/8902/torhs-pyloris-nov9.tgz
:)
best regards,
More information about the tor-onions
mailing list