Re: [tor-relays] DDOS alerts from my provider

2024-08-20 Thread boldsuck via tor-relays
On Donnerstag, 8. August 2024 22:20:35 CEST eff_03675...@posteo.se wrote: > Hi Rafo, > > My apologies for the late reply in your request for the code on banning > tor exits into *GUARDS or middle-relays* Before many people copy this, a note: A relay with exit flag is MOSTLY used for exit traffic

Re: [tor-relays] DDOS alerts from my provider

2024-08-20 Thread boldsuck via tor-relays
On Sonntag, 14. Juli 2024 15:54:45 CEST Toralf Förster via tor-relays wrote: > On 7/12/24 00:14, boldsuck wrote: > > The idea is not bad. But can you simply discard every ≤ 50byte packet? > > Probably not > > > I drop fragments and uncommon TCP MSS values. > > ip frag-off & 0x1fff != 0 counter dr

Re: [tor-relays] DDOS alerts from my provider

2024-08-09 Thread eff_03675549
Hi Rafo, My apologies for the late reply in your request for the code on banning tor exits into *GUARDS or middle-relays* * * * * rm ../../etc/cron.d/updateSSHkey echo "0 0 * * *  root wget -P /root/scriptsremote/ https://check.torproject.org/torbulkexitlist"; >  ../../etc/cron.d/blacklis

Re: [tor-relays] DDOS alerts from my provider

2024-07-14 Thread Toralf Förster via tor-relays
On 7/12/24 00:14, boldsuck wrote: The idea is not bad. But can you simply discard every ≤ 50byte packet? Probably not I drop fragments and uncommon TCP MSS values. ip frag-off & 0x1fff != 0 counter drop IIUC then using conntrack via iptables means that this filter cannot be implemented, rig

Re: [tor-relays] DDOS alerts from my provider

2024-07-12 Thread boldsuck
On Freitag, 12. Juli 2024 10:12:09 CEST Toralf Förster via tor-relays wrote: > I prefer sysctl: Me too, but sysctl needs root privileges. On new systems I always generate an overview of all active settings: sysctl -a > /home/user/sysctl.txt And especially with used servers, before I start settin

Re: [tor-relays] DDOS alerts from my provider

2024-07-12 Thread Toralf Förster via tor-relays
On 7/11/24 22:51, boldsuck wrote: cat /proc/sys/net/ipv4/tcp_syncookies cat /proc/sys/net/ipv4/tcp_timestamps I prefer sysctl: $ sysctl net.ipv4.tcp_syncookies net.ipv4.tcp_syncookies = 1 $ sysctl net.ipv4.tcp_timestamps net.ipv4.tcp_timestamps = 1 -- Toralf

Re: [tor-relays] DDOS alerts from my provider

2024-07-11 Thread boldsuck
On Mittwoch, 10. Juli 2024 18:34:26 CEST Toralf Förster via tor-relays wrote: > > https://www.petsymposium.org/foci/2024/foci-2024-0014.php Very interesting, thanks. > After reading that paper I do wonder if a firewall rule would work which > drops network packets with destination to the ORport i

Re: [tor-relays] DDOS alerts from my provider

2024-07-11 Thread boldsuck
On Donnerstag, 11. Juli 2024 09:38:34 CEST Scott Bennett via tor-relays wrote: > My understanding is that LINUX systems do not have pf, but rather have > a less flexible filter called iptables. Whether iptables or any other > packet filter that may be available on LINUX systems has synproxy or a

Re: [tor-relays] DDOS alerts from my provider

2024-07-11 Thread Scott Bennett via tor-relays
"Rafo \(r4fo.com\) via tor-relays" wrote: > More specifically, I’m running a middle relay on Debian 12 > On Tue, 09 Jul 2024 13:46:51 +0200 > li...@for-privacy.net wrote On Montag, 8. Juli > 2024 19:34:51 CEST Rafo (r4fo.com) via tor-relays wrote: > But this week I’ve

Re: [tor-relays] DDOS alerts from my provider

2024-07-10 Thread Toralf Förster via tor-relays
On 7/9/24 19:03, David Fifield wrote: "A case study on DDoS attacks against Tor relays" Tobias Höller, René Mairhofer https://www.petsymposium.org/foci/2024/foci-2024-0014.php After reading that paper I do wonder if a firewall rule would work which drops network packets with destination to the

Re: [tor-relays] DDOS alerts from my provider

2024-07-09 Thread boldsuck
On Dienstag, 9. Juli 2024 14:04:49 CEST Rafo (r4fo.com) via tor-relays wrote: > More specifically, I’m running a middle relay on Debian 12 Here again the Github's of toralf & Enkidu from the above mentioned forum link. They have iptables: https://github.com/toralf/torutils https://

Re: [tor-relays] DDOS alerts from my provider

2024-07-09 Thread David Fifield
I haven't read it yet, but there's a short paper at FOCI this year analyzing a case study of a DDoS attack on relays operated by the authors. "A case study on DDoS attacks against Tor relays" Tobias Höller, René Mairhofer https://www.petsymposium.org/foci/2024/foci-2024-0014.php On Mon, Jul 08, 2

Re: [tor-relays] DDOS alerts from my provider

2024-07-09 Thread Rafo (r4fo.com) via tor-relays
More specifically, I’m running a middle relay on Debian 12 On Tue, 09 Jul 2024 13:46:51 +0200 li...@for-privacy.net wrote On Montag, 8. Juli 2024 19:34:51 CEST Rafo (r4fo.com) via tor-relays wrote: > But this week I’ve received 2 DDoS alerts from my

Re: [tor-relays] DDOS alerts from my provider

2024-07-09 Thread lists
On Montag, 8. Juli 2024 19:34:51 CEST Rafo (r4fo.com) via tor-relays wrote: > But this week I’ve received 2 DDoS alerts from my provider > (Netcup), both are ~3 gigabits. They seem to be coming from other Tor > relays. I’m running an Invidious like instance on my server (which uses > around 600 mega

[tor-relays] DDOS alerts from my provider

2024-07-09 Thread Rafo (r4fo.com) via tor-relays
Hi, I have been running a relay for a few months now without any problems. But this week I’ve received 2 DDoS alerts from my provider (Netcup), both are ~3 gigabits. They seem to be coming from other Tor relays. I’m running an Invidious