Re: [tor-relays] Attack on Tor exit and back-up directory server

2019-08-18 Thread teor
Hi,

> On 16 Aug 2019, at 04:22, potlatch  wrote:
> 
> One question remains:  At any time I look there are 20-150 Iranian IP 
> addresses trying to access the Tor server.  Their IP range is from 5.113.x.x 
> to 5.126.x.x.  None have hashed fingerprints.  Is it okay to let these guys 
> go?  Can they harm or slow Tor?  Should I ban them?  I'd like to learn from 
> this.

This is probably a connection error caused by Iranian censorship.

We're working on anti-censorship and stats fixes, but I can't find the
tickets right now.

In the meantime, try using a lower value for Tor's
DoSConnectionMaxConcurrentCount option. The consensus value is 50, but
you should set your value based on the number of connections from a
single IP address. Or just try 25, then 12, ...

If no single IP address is problematic by itself, you can use a
firewall to limit the number of connections, or the new connection
rate, from an entire address block.

T

--
teor
--



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
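Added example, not part of either message: one way to measure "the number of connections from a single IP address" before choosing a DoSConnectionMaxConcurrentCount value, and to see when only an address block as a whole is heavy (the firewall case). The ORPort 9001, the /16 and /32 grouping, the thresholds, and the sample lines (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample shaped like `ss -Htn state established` output;
# the last two columns are local address:port and peer address:port.
SAMPLE = """\
0 0 203.0.113.10:9001 198.51.100.7:40112
0 0 203.0.113.10:9001 198.51.100.7:40113
0 0 203.0.113.10:9001 198.51.100.7:40114
0 0 203.0.113.10:9001 198.51.100.8:51200
0 0 203.0.113.10:9001 198.51.100.9:51201
0 0 203.0.113.10:9001 192.0.2.44:33010
0 0 203.0.113.10:22 192.0.2.44:33999
0 0 [2001:db8::10]:9001 [2001:db8:1::5]:40000
"""

def split_hostport(field):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def tally(ss_output, or_port=9001, v4_prefix=16, v6_prefix=32):
    """Count established ORPort connections per peer IP and per address block."""
    per_ip, per_block = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        (_, lport), (peer, _) = split_hostport(fields[-2]), split_hostport(fields[-1])
        if lport != or_port:
            continue  # ignore SSH and anything else not on the ORPort
        addr = ipaddress.ip_address(peer)
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        per_ip[str(addr)] += 1
        per_block[str(block)] += 1
    return per_ip, per_block

def advise(per_ip, per_block, ip_limit=50, block_limit=4):
    """Return (IPs at or over ip_limit, blocks over block_limit with no such IP)."""
    heavy_ips = sorted(ip for ip, n in per_ip.items() if n >= ip_limit)
    heavy_blocks = sorted(b for b, n in per_block.items() if n > block_limit
        and not any(ipaddress.ip_address(ip) in ipaddress.ip_network(b) for ip in heavy_ips))
    return heavy_ips, heavy_blocks

if __name__ == "__main__":
    per_ip, per_block = tally(SAMPLE)
    print("most connections from one IP:", max(per_ip.values()))
    print("per-IP offenders, block-only offenders:", advise(per_ip, per_block))
```

IPs in the first list are candidates for a lower DoSConnectionMaxConcurrentCount; blocks in the second list have no single heavy address, which is the case where a firewall limit on the whole block applies.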


[tor-relays] Attack on Tor exit and back-up directory server

2019-08-18 Thread potlatch
Hello All,
I commented and questioned earlier about significant slowing of one of my 
Finnish exit relays [1] and potential DoS attack.  I took the server off line 
and did the best job I could hardening it.  The host does not have DoS 
protection and uses Xen OpenVZ as his VPS manager.  I was getting "nf_conntrack: 
table full, dropping packet." errors by the 1000s.  That's fixed and I'm back 
on the Tor net now.
One question remains:  At any time I look there are 20-150 Iranian IP addresses 
trying to access the Tor server.  Their IP range is from 5.113.x.x to 
5.126.x.x.  None have hashed fingerprints.  Is it okay to let these guys go?  
Can they harm or slow Tor?  Should I ban them?  I'd like to learn from this.
-potlatch

Sent with [ProtonMail](https://protonmail.com) Secure Email.