[tor-relays] DOS Protection mini RFC

[George Hartley]

If there is DoS on bridges on domestic connections, or connections with very low throughput, then handling (D)DoS at an application layer becomes futile - it will simply overload the NIC.

But for bridges on at least 100MbE ports, this would be a nice addition.

On Sunday, August 11th, 2024 at 9:20 PM, pasture_clubbed242--- via tor-relays <tor-relays at lists.torproject.org> wrote:

> Since it is still all fresh in our heads, I wanted to pitch an idea real fast. No idea if it was covered at a tor meeting at some point.
> 

> For bridge relay operators, such as those with very low bandwidth, it may be worth it to keep lower-than-consensus-restrictions using the DOS flags here https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled -- but this might be higher maintenance though, as keeping up to date with consensus params may be needed often.
> 

> Does it seem worth it or necessary to have a multiplier variable? Like bridges with low bandwidth can set, for example,
> 

> DoSConsensusMultiplier 0.75
> 

> In order to lower all or select values by 75%, rounding up to the nearest whole number or the configured floor value ( perhaps DoSConsensusMultiplierFloor 2 ...?).
> 

> 

> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - hartley_george at proton.me - 0xAEE8E00F.asc
Type: application/pgp-keys
Size: 657 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240814/14c294e1/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240814/14c294e1/attachment.sig>