#33018: Dir auths using an unsustainable 400+ mbit/s, need to diagnose and fix ---------------------------------------+----------------------------------- Reporter: arma | Owner: dgoulet Type: defect | Status: assigned Priority: Medium | Milestone: Tor: | 0.4.3.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: network-health 043-should | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ---------------------------------------+-----------------------------------
Comment (by arma): Replying to [comment:19 starlight]: > How about throwing up an iptables recent module rule limiting the maximum request rate from any single IP address and seeing if it helps? My observation is botnet abuse often arrives with high intensity from a limited number of addresses during a given interval. Set at a perhaps twice the maximum rate expected of a bootstrapping relay. If it works similar logic could be added to the relay. I have a couple of rules I'll share privately, though it's hardly rocket science. I believe Sebastian has done some exploration of the IP addresses, and found that many of the requests come from their own IP address. That is, this really is thousands of places around the internet, not just a handful. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33018#comment:20> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs