Tor and NNTP
Aioe
estasi at aioe.org
Fri Nov 3 15:56:40 UTC 2006
I'm the owner of a large *public* news server (see http://news.aioe.org/ )
which allows (restricted) read and write access to USENET groups without
requiring authentication. I'm also a novice with Tor. An increasing number
of Tor users are choosing my server for reading and posting on USENET.

In order to avoid SYN DDoS and floods, my server accepts only a fixed
number of daily connections and bytes per IP. Trespassers are banned for a
day. While a single (end) proxy serves a single client, the total activity
generated on my host by that Tor router usually remains under this limit.
When more than one client uses the same proxy, that Tor router often exceeds
those values because the barrier is calibrated assuming a single client per
IP. Every IP can also post only 25 messages per day, which is a reasonable
limit for a single client but isn't enough when multiple users share the
same IP.

Therefore some Tor proxies are sometimes banned from my server due to an
excessive number of connections, bytes or posts.

I need a (server-side) way to separate the Tor users from the other ones: is
this possible?

I'm thinking of setting up a "hidden service" which redirects all Tor users
to a non-default *local* NNTP port in order to treat them differently from the
other clients. In this way, when the Tor users access the server through the
main DNS system (as nntp.aioe.org) they're still subject to the standard
rules that are applied to all clients, but when they use the .onion domain a
different (less restrictive) policy can be applied to them. Is this the right
way?

If so, can Tor be configured to handle only my "hidden service" without
providing any other Tor service (my ISP doesn't like proxies and I don't
have much bandwidth)?

greetings
Paolo Amoroso (Aioe)
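
The scheme described in the message above, sketched as an added example (not part of the original post and not code from the server it describes): daily per-IP quotas with a one-day ban, where the policy is chosen by the local port the client connected to. Only the 25 posts/day figure comes from the message; port 1119, the other limits and the addresses are assumptions.

```python
from dataclasses import dataclass

DAY = 86400  # counters and bans both last one day

@dataclass(frozen=True)
class Policy:
    max_conns: int
    max_bytes: int
    max_posts: int

# Only 25 posts/day comes from the post; every other number, and port
# 1119 for the hidden-service listener, is an assumption.
POLICIES = {
    119: Policy(max_conns=200, max_bytes=50_000_000, max_posts=25),
    1119: Policy(max_conns=5000, max_bytes=500_000_000, max_posts=500),
}

@dataclass
class Usage:
    window_start: float
    conns: int = 0
    nbytes: int = 0
    posts: int = 0
    banned_until: float = 0.0

class QuotaTracker:
    def __init__(self, policies=POLICIES):
        self.policies = policies
        self.usage = {}  # (local_port, client_ip) -> Usage

    def record(self, local_port, client_ip, now, conns=0, nbytes=0, posts=0):
        """Account one event; True if accepted, False if the IP is banned."""
        policy = self.policies[local_port]
        u = self.usage.get((local_port, client_ip))
        if u is None or (now - u.window_start >= DAY and now >= u.banned_until):
            u = self.usage[(local_port, client_ip)] = Usage(window_start=now)
        if now < u.banned_until:
            return False
        u.conns, u.nbytes, u.posts = u.conns + conns, u.nbytes + nbytes, u.posts + posts
        if (u.conns > policy.max_conns or u.nbytes > policy.max_bytes
                or u.posts > policy.max_posts):
            u.banned_until = now + DAY  # over the limit: banned for a day
            return False
        return True

def simulate(local_port, client_ip, users, posts_each):
    """Constructed workload: several users posting from one source IP."""
    q = QuotaTracker()
    return sum(q.record(local_port, client_ip, float(i), posts=1)
               for i in range(users * posts_each))
```

Connections that reach a hidden service are made by the local Tor process, so on the dedicated port every Tor user appears with the same source address (typically loopback); the limits on that listener therefore act on the service as a whole rather than on individual users.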
More information about the tor-talk mailing list