Hi, > On 16 Aug 2019, at 04:22, potlatch <potla...@protonmail.com> wrote: > > One question remains: At any time I look there are 20-150 Iranian IP > addresses trying to access the Tor server. Their IP range is from 5.113.x.x > to 5.126.x.x. None have hashed fingerprints. Is it okay to let these guys > go? Can they harm or slow Tor? Should I ban them? I'd like to learn from > this.
This is probably a connection error caused by Iranian censorship. We're working on anti-censorship and stats fixes, but I can't find the tickets right now. In the meantime, try using a lower value for Tor's DoSConnectionMaxConcurrentCount option. The consensus value is 50, but you should set your value based on the number of connections from a single IP address. Or just try 25, then 12, ... If no single IP address is problematic by itself, you can use a firewall to limit the number of connections, or the new connection rate, from an entire address block. T -- teor ----------------------------------------------------------------------
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays