On 11/9/14, coderman <coder...@gmail.com> wrote:
> ...
> Andrea's distribution shows this type of behavior, as I would expect it:
> https://people.torproject.org/~andrea/loldoxbin-logs/analysis/length_distribution.txt
> e.g. send small bits to keep connection active and not closed by
> server-side client send timeouts, then around 900-1000 chars call it
> good and finalize the request.
Your ConstrainedSockets experiments are exactly what I would expect to see if this technique were used, since reducing socket buffers would allow you to have more concurrent connections open (and thus thwart a DoS at lower limits).

Note that the next level of breakage might show up at file descriptor limits in processes like Tor or your Nginx server. ulimit tuning is also suggested. (I like to use 32-64k as the soft limit for all processes on a server by default, and 0.25mm for front-end proxies running Nginx/HAProxy or related services.)

Last but not least, if you are pushing to extreme levels of concurrency, be sure to disable CONNTRACK in iptables/xtables. (Or use an OS that has better performance with filtering infrastructure, per the platform diversity thread active here the last few days.)

best regards,

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
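The reply above names two operational limits that bite before the socket buffers do: the per-process file descriptor ceiling and the conntrack table. The following POSIX sh script is an added example, not code from the tor-talk thread or from the Tor project: it parses the soft "Max open files" value in the format of /proc/<pid>/limits, classifies a process's descriptor usage against that limit so a monitor can alert before the server starts refusing connections, prints limits.conf lines using the 32k and 0.25 million figures from the reply, and prints (without applying) raw-table rules that exempt a listener's traffic from connection tracking. The hard limit of 2x soft, the `www-data`/`haproxy` user names and port 443 are assumptions; the sample limits text is constructed.

```shell
#!/bin/sh
# Added example (not from the tor-talk thread): fd-limit checks and
# conntrack-bypass rules for a busy front-end. Hard-limit multiplier,
# service user and port are assumptions.

# nofile_soft_from_limits: read the soft "Max open files" value from text
# in /proc/<pid>/limits format on stdin (testable without /proc).
nofile_soft_from_limits() {
    awk '/^Max open files/ { print $4 }'
}

# nofile_status USED SOFT: classify descriptor usage against the soft limit.
# Prints ok (<75%), warn (75-89%) or crit (>=90%). Integer math only.
nofile_status() {
    used=$1; soft=$2
    [ "$soft" -gt 0 ] 2>/dev/null || { echo unknown; return 1; }
    pct=$(( used * 100 / soft ))
    if [ "$pct" -ge 90 ]; then echo crit
    elif [ "$pct" -ge 75 ]; then echo warn
    else echo ok
    fi
}

# nofile_status_pid PID: live check on a running process (Linux /proc only).
nofile_status_pid() {
    pid=$1
    soft=$(nofile_soft_from_limits < "/proc/$pid/limits")
    used=$(ls "/proc/$pid/fd" | wc -l | tr -d ' ')
    nofile_status "$used" "$soft"
}

# emit_limits_conf ROLE [USER]: print /etc/security/limits.conf lines.
# "generic" applies the 32k soft limit to every process; "proxy" applies
# 0.25 million to the Nginx/HAProxy user. Hard = 2x soft is an assumption.
emit_limits_conf() {
    case $1 in
        proxy)   user=${2:-www-data}; soft=250000 ;;
        generic) user='*';            soft=32768 ;;
        *) echo "usage: emit_limits_conf generic|proxy [user]" >&2; return 1 ;;
    esac
    hard=$(( soft * 2 ))
    printf '%s\tsoft\tnofile\t%d\n' "$user" "$soft"
    printf '%s\thard\tnofile\t%d\n' "$user" "$hard"
}

# emit_notrack_rules PORT: print (do not apply) raw-table rules that keep the
# listener's packets out of the conntrack table. Caveat: untracked packets
# never match "-m conntrack --ctstate" rules, so they need explicit ACCEPT
# rules of their own in the filter table.
emit_notrack_rules() {
    port=$1
    echo "iptables -t raw -A PREROUTING -p tcp --dport $port -j CT --notrack"
    echo "iptables -t raw -A OUTPUT     -p tcp --sport $port -j CT --notrack"
    echo "iptables -A INPUT  -p tcp --dport $port -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --sport $port -j ACCEPT"
}

# Constructed sample in /proc/<pid>/limits format for the stand-alone run.
sample_limits='Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files'

soft=$(printf '%s\n' "$sample_limits" | nofile_soft_from_limits)
echo "sample soft limit: $soft, 900 fds in use -> $(nofile_status 900 "$soft")"
emit_limits_conf generic
emit_limits_conf proxy haproxy
emit_notrack_rules 443
```

limits.conf only affects sessions that go through pam_limits; a daemon started by systemd takes its descriptor ceiling from `LimitNOFILE=` in its unit file instead, so check `/proc/<pid>/limits` on the running process rather than trusting the config you edited.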