[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

mick mbm at rlogin.net
Wed Nov 6 12:47:56 UTC 2013


On Wed, 06 Nov 2013 14:00:09 +0200
Lars Noodén <lars.nooden at gmail.com> allegedly wrote:

> On 11/06/2013 01:26 PM, mick wrote:
> > I disagree. Dropping all traffic other than that which is
> > explicitly required is IMHO a better practice. (And how do you know
> > in advance which ports get attacked?)
> 
> Using reject instead of drop simplifies troubleshooting.
> 
> http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
> 
> Drop tends to get in the way.

Again, I disagree. But I recognise that this can be a religious
decision. My default policy is to drop rather than reject. I know
that strict adherence to standards implies we should “REJECT” with a
helpful ICMP error message. But, doing that can mean that
incoming packets with a spoofed source address can get replies sent
back to that (innocent) source address. DDOS bots exploit this
behaviour. 

I’d rather break standards than help a DDOS bot. :-)

Mick
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131106/8892f61a/attachment.sig>


More information about the tor-relays mailing list