[tor-relays] DDOS alerts from my provider

[lists at for-privacy.net]

On Montag, 8. Juli 2024 19:34:51 CEST Rafo (r4fo.com) via tor-relays wrote:
> But this week I’ve received 2 DDoS alerts from my provider
> (Netcup), both are ~3 gigabits. They seem to be coming from other Tor
> relays.I’m running an Invidious like instance on my server (which uses
> around 600 megabits) but I have a 2.5 gigabit port. So I configured my Tor
> relay to use 300-400 megabits.I’m not sure where that 3 gigabit of data
> comes from.I have lowered my advertised bandwidth to 100 megabits, would
> that be enough to prevent these kind of issues?Kind regards,Rafo

Reducing the advertised bandwidth does not help. ;-) In general, one tor 
instance will rarely reach 100 megabits.

There is little you can do on the server against targeted DDoS. But you can 
stop IPs with a lot of connections to your tor daemon using dynamic exit 
police¹ or dyn. IP/nftable rules². For targeted help, you should specify the 
type of relay you have and your OS.

https://gitlab.torproject.org/tpo/community/support/-/issues/40093

¹https://github.com/artikel10/surgeprotector

²https://forum.torproject.org/t/is-tor-network-resistant-to-tcp-syn-flood-dos-attacks-from-outside-of-tor/12690/4

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 3872 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240709/08c64aac/attachment.sig>