[tor-relays] Checking dos mitigation
Felix
zwiebel at quantentunnel.de
Wed Feb 14 05:35:51 UTC 2018
Thanks for looking into this.
On 14-Feb-18 at 00:25, teor wrote:
>
>> On 14 Feb 2018, at 07:27, Felix <zwiebel at quantentunnel.de> wrote:
>>
> You can adjust these options without recompiling using the
> DoS* torrc options from the man page:
> https://gitweb.torproject.org/tor.git/tree/doc/tor.1.txt#n2755
>
> Otherwise, your relay will use the options from the consensus.
I avoided using the consensus driven values for the moment and hardcoded
the settings.
>> 1) Drops off consensus for 1-2hours and returns w/o hsdir:
>> DOS_CC_CIRCUIT_BURST_DEFAULT 90
>> DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100
>> FW: 20 connects per /32 ip, rate limited to 3 per sec.
>
> This happened to 1/6 of my guards too, we're trying to track down
> the cause in #24902.
>
> It seems to happen by chance, otherwise, the lower settings
> would cause it too.
>
> Your firewall may be responsible, my relay went back into the
> consensus once I changed my firewall.
>
To 24902#comment:73
Not only with the new code. It was observed with 32x even more often
laxer fw settings. Which brings me to the early conclusion that in this
case 90/100 on 33x acts similar to 32x. 50/50 on 33x does not show it.
--
Cheers, Felix