[tor-relays] Short heads up

Neel Chauhan neel at neelc.org
Fri Dec 30 02:46:20 UTC 2022


On 2022-12-25 00:27, Frank Steinborn via tor-relays wrote:
> Hi friends,
> 
> I made some smaller tweaks over the last few hours which should 
> especially help relays on nearly OOM or thrashing situations (making 
> use of Zswap + MGLRU if available).
> 
> The rules themselves are just the same, so no changes there.

I had an exit relay which was constantly DDoSed. Instance CPU usage was 
40%.

Had the IP change (for another reason, though) and it didn't go away; the 
DDoS targeted that particular fingerprint. That server had two relays, 
one fortunately unaffected.

I ended up just changing the fingerprint for the affected one. Now I 
have to wait for the ramp-up phase, yay!

> Merry Christmas,
> Frank

Best,

Neel

> ------- Original Message -------
> On Sunday, December 4th, 2022 at 11:25 PM, Frank Steinborn 
> <steinex at nognu.de> wrote:
> 
>> Hi,
>> 
>> I want to show you my anti DDoS solution for my relays (as well ;-). It 
>> works without ipset, but with a mix of the recent and hashlimit 
>> iptables modules.
>> 
>> What it does:
>> * If one IP address tries to make 7 SYN connection attempts per 
>> second, they are locked out for 300 seconds. If they try another 
>> connection in that timeframe, the timer is reset and they are locked 
>> out for another 300 seconds.
>> * There are no more SYNs allowed if 4 connections are already in use 
>> to the ORPort.
>> 
>> It works very well for me. Other solutions are far more aggressive but 
>> I feel my solution works perfectly against the attacks, even if they 
>> are not that aggressive.
>> 
>> On top of that, I feel it's easier to implement into one's existing 
>> firewall solution.
>> 
>> You can find the repo here: https://github.com/steinex/tor-ddos
>> 
>> Feel free to give it a shot and feedback would be much appreciated!
>> 
>> Greetings,
>> steinex

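The two behaviours described in the quoted message (a 300-second lockout that restarts on every retry, and a cap of 4 connections per source to the ORPort), sketched as an iptables-restore fragment. This is an added example, not the rules from the linked repository: the chain and list names, port 9001, the reading of "7 per second" as `--hashlimit-above 7/sec`, and the use of the connlimit match for the connection cap are assumptions.

```shell
#!/bin/sh
# Added illustration; NOT the rule set from the steinex/tor-ddos repository.
# Chain name TOR_DDOS, list names and the default values are assumptions.

# Print an iptables-restore fragment protecting one ORPort.
# usage: gen_rules ORPORT [MAX_CONN] [SYN_PER_SEC] [LOCKOUT_SECONDS]
gen_rules() {
    orport="$1"; max_conn="${2:-4}"; syn_rate="${3:-7}"; lockout="${4:-300}"
    # Refuse anything that is not a plain number, so nothing odd reaches the rules.
    case "$orport" in ''|*[!0-9]*) echo "invalid ORPort" >&2; return 1 ;; esac
    cat <<EOF
*filter
:TOR_DDOS - [0:0]
# Only new connection attempts (SYN) to the ORPort enter the chain.
-A INPUT -p tcp -m tcp --dport $orport --syn -j TOR_DDOS
# 1. Source is already on the lockout list: drop. --update (unlike --rcheck)
#    refreshes the timestamp, so every retry restarts the ${lockout}s timer.
-A TOR_DDOS -m recent --name tor_ddos --update --seconds $lockout --rsource -j DROP
# 2. Per-source SYN rate above ${syn_rate}/s: put the source on the list, drop.
#    Matches run left to right, so --set only fires when hashlimit matched.
-A TOR_DDOS -m hashlimit --hashlimit-name tor_syn --hashlimit-mode srcip --hashlimit-above ${syn_rate}/sec --hashlimit-burst $syn_rate -m recent --name tor_ddos --set --rsource -j DROP
# 3. connlimit counts the new connection too, so "above $max_conn" lets a
#    source hold $max_conn connections and drops the SYN for the next one.
-A TOR_DDOS -m connlimit --connlimit-mask 32 --connlimit-above $max_conn -j DROP
-A TOR_DDOS -j RETURN
COMMIT
EOF
}

# Print the fragment when called with arguments, e.g.:
#   sh tor-rules.sh 9001 | iptables-restore --noflush
# (--noflush keeps the rest of the filter table; re-running appends the
#  INPUT jump again, so remove the old jump first.)
if [ "$#" -gt 0 ]; then gen_rules "$@"; fi
```

The recent match keeps only 100 addresses per list by default (the `ip_list_tot` parameter of the `xt_recent` module), so under an attack from many sources older lockouts are evicted early unless that limit is raised.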