[tor-relays] DoS attacks on multiple relays
Aneesh Dogra
lionaneesh at gmail.com
Tue Dec 5 11:24:24 UTC 2017
Interesting to see. I have similar stats. 10 connections from
188.214.30.0/24, second up 8 connections from 178.16.208.0/24. Thanks!
On Tue, Dec 5, 2017 at 4:27 PM, x9p <tor at x9p.org> wrote:
>
> first measure on a good day how many connection per /24 your exit/relay
> have, excluding these with 1 2 or just 3 connections:
>
> # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk
> -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c | sort
> | egrep -v ' 1 | 2 | 3 '
>
> with this information in hand, double the max of it (mine was 10
> connections from 188.214.30.0/24):
>
> 10 188.214.30
>
> iptables -A INPUT -i eth0 -p tcp -m connlimit --connlimit-above 20
> --connlimit-mask 24 -j REJECT --reject-with tcp-reset
>
> cheers.
>
> x9p
>
> >> connlimit per /24. it does more good than evil.
> >
> > Any guidance on the specifics? Like how many concurrent connections to
> > allow per /24? Not sure what's expected from legitimate user traffic
> > through the relay... don't want to make things worse.
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
--
Regardless, I hope you're well and happy -
Aneesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171205/42a5f6d5/attachment-0001.html>
More information about the tor-relays
mailing list