Hi,
> On 16 Aug 2019, at 04:22, potlatch wrote:
>
> One question remains: At any time I look there are 20-150 Iranian IP
> addresses trying to access the Tor server. Their IP range is from 5.113.x.x
> to 5.126.x.x. None have hashed fingerprints. Is it okay to let these guys
> go? Can they harm or slow Tor? Should I ban them? I'd like to learn from
> this.
This is probably a connection error caused by Iranian censorship.
We're working on anti-censorship and stats fixes, but I can't find the
tickets right now.
In the meantime, try using a lower value for Tor's
DoSConnectionMaxConcurrentCount option. The consensus value is 50, but
you should set your value based on the number of connections from a
single IP address. Or just try 25, then 12, ...
If no single IP address is problematic by itself, you can use a
firewall to limit the number of connections, or the new connection
rate, from an entire address block.
T
--
teor
--
signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays