[tor-relays] Short heads up
Georg Koppen
gk at torproject.org
Mon Jan 9 18:27:27 UTC 2023
Neel Chauhan:
> On 2022-12-25 00:27, Frank Steinborn via tor-relays wrote:
>> Hi friends,
>>
>> I made some smaller tweaks over the last few hours which should
>> especially help relays on nearly OOM or thrashing situations (making
>> use of Zswap + MGLRU if available).
>>
>> The rules themselves are just the same, so no changes there.
>
> I had an exit relay which was constantly DDoSed. Instance CPU usage was
> 40%.
>
> Had the IP change (for another reason tho) and it didn't go away, the
> DDoS targeted that particular fingerprint. That server had two relays,
> one fortunately unaffected.
>
> I ended up just changing the fingerprint for the affected one. Now I
> have to wait for the ramp-up phase, yay!
Interesting. What was the old fingerprint? Were the affected and
unaffected relays guards and/or exits?
Georg
>> Merry Christmas,
>> Frank
>
> Best,
>
> Neel
>
>>
>> ------- Original Message -------
>> On Sunday, December 4th, 2022 at 11:25 PM, Frank Steinborn
>> <steinex at nognu.de> wrote:
>>
>>
>>> Hi,
>>>
>>> I want to show you my anti DDoS solution for my relays (as well ;-).
>>> It works without ipset, but with a mix of the recent and hashlimit
>>> iptables modules.
>>>
>>> What it does:
>>> * If one IP address tries to make 7 SYN connection attempts per
>>> second, they are locked out for 300 seconds. If they try another
>>> connection in that timeframe, the timer is reset and they are locked
>>> out for another 300 seconds.
>>> * There are no more SYNs allowed if 4 connections are already in use
>>> to the ORPort.
>>>
>>> It works very well for me. Other solutions are far more aggressive but
>>> I feel my solution works perfectly against the attacks, even if they
>>> are not that aggressive.
>>>
>>> On top of that, I feel it's easier to implement into one's existing
>>> firewall solution.
>>>
>>> You can find the repo here: https://github.com/steinex/tor-ddos
>>>
>>> Feel free to give it a shot and feedback would be much appreciated!
>>>
>>> Greetings,
>>> steinex
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
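The policy described in the quoted December 4th message (7 SYNs per second triggers a 300-second lockout that every retry restarts, plus a cap of 4 connections per source), modelled as an added example; this is not code from the thread or from the linked repository. It assumes a one-second sliding window in place of the iptables hashlimit token bucket and that the lockout check runs before the connection cap; all class, function and variable names are hypothetical and the events are constructed.

```python
from collections import defaultdict, deque

SYN_LIMIT = 7       # SYNs within one second that trigger a lockout
LOCKOUT_SECS = 300  # lockout length; every SYN sent while locked out restarts it
MAX_CONNS = 4       # ORPort connections one source IP may hold

class OrPortFilter:
    """Per-source-IP model of the described policy (hypothetical names)."""
    def __init__(self):
        self.recent_syns = defaultdict(deque)  # ip -> SYN times in the last second
        self.locked_until = {}                 # ip -> time the lockout ends
        self.open_conns = defaultdict(int)     # ip -> connections in use

    def on_syn(self, ip, now):
        """Return 'ACCEPT' or 'DROP' for a SYN from ip at time now (seconds)."""
        if self.locked_until.get(ip, 0.0) > now:
            self.locked_until[ip] = now + LOCKOUT_SECS  # retry restarts the timer
            return "DROP"
        window = self.recent_syns[ip]
        window.append(now)
        while window[0] <= now - 1.0:
            window.popleft()
        if len(window) >= SYN_LIMIT:
            self.locked_until[ip] = now + LOCKOUT_SECS
            window.clear()
            return "DROP"
        if self.open_conns[ip] >= MAX_CONNS:
            return "DROP"
        self.open_conns[ip] += 1  # simplification: accepted SYN = open connection
        return "ACCEPT"

    def on_close(self, ip):
        self.open_conns[ip] = max(0, self.open_conns[ip] - 1)

def replay(events):
    """Feed (time, ip, kind) events to a fresh filter; return the SYN verdicts."""
    flt, verdicts = OrPortFilter(), []
    for now, ip, kind in events:
        if kind == "close":
            flt.on_close(ip)
        else:
            verdicts.append(flt.on_syn(ip, now))
    return verdicts

# Constructed sample: a 7-SYN burst, four closes, then retries at 200 s, 450 s, 751 s.
IP = "192.0.2.10"
BURST = [(i / 10, IP, "syn") for i in range(7)] + [(100.0, IP, "close")] * 4
SAMPLE = BURST + [(t, IP, "syn") for t in (200.0, 450.0, 751.0)]
```

Replaying `SAMPLE` shows the retry at 200 s pushing the lockout past 450 s; without that retry, the SYN at 450 s is accepted.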