In the last months i've spent a lot of time trying to optimize the TOR interface with my public news (USENET) server (aioe.org) which is also available through an hidden service at news://w4rwbqnaa6oopu5l.onion . I'm trying to write a short document that describes this process and i wish your opinions about some points.
1. The onion domains are extremely slow. When a client tries to open a connection with a news server, an istance of nnrpd is loaded by xinetd and it's kept in memory until that client closes the connection or an amount of time is elapsed without receiving anything from that client. This is called 'initial timeout' and it's usually set to a reasonably low amount of seconds (2) in order to quickly disconnect the clients in order to save resources. When a client tries to establish a connection with my server through an onion domain, a short initial timeout isn't enough and the server closes the connection before receiving the client's request. Which is the lowest amount of time that is always enough for TOR? Four seconds seems to be enough, is this right? 2. TOR network is used by many (wannabe) hackers. An improper use of some NNRP command (XOVER) can slow down the server, control messages are forbidden, spam is not welcome. In the last months, aioe.org was plagued by several attacks delivered through TOR. This is becoming a problem because the server is forced to block the TOR interface in order to avoid more serious damages. Which kind of protections do you choose for the hosts that are serving TOR services (ie mail servers or web servers)? bye
