On Fri, 3 Nov 2006, Aioe wrote:
> In order to avoid SYN DDoS and floods, my server accepts only a determinate
> number of daily connections and bytes per IP. Trespassers are banned for a
> day. While a single (end) proxy serves a single client, the total activity
> generated on my host by that Tor router usually remains under this limit.
> When more than one client uses the same proxy, that Tor router often exceeds
> those values because the barrier is calibrated assuming a single client per
> IP. Every IP can also post only 25 messages per day, which is a reasonable
> limit for a single client, but it isn't enough when multiple users share the
> same IP.
There is a fundamental flaw in this assumption that will cause you
problems with a much larger user set than just Tor users. Your
assumption of a 1:1 mapping of users to IP addresses also breaks for
populations behind NAT. Sometimes entire organizations or networks
appear to the public internet as a single set of proxy/NAT
addresses, and your accounting method breaks for this set as well.
While explicitly permitting Tor routers is a step in the right
direction, you're going to run into the same problems with NATted
users, and that will be a tougher nut to crack.
good luck,
matto
[EMAIL PROTECTED]darwin
Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan