Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-03-11 Thread Matt Traudt
On 3/11/18 10:15, Toralf Förster wrote: > On 03/11/2018 09:44 AM, nusenu wrote: >> 33% of guard capacity and 37% of consensus weight is running on tor versions >> with DoS mitigation features. >> > But there was no abrupt change around that time where the # user users droped > down - so there'S

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-03-11 Thread Toralf Förster
On 03/11/2018 09:44 AM, nusenu wrote: > 33% of guard capacity and 37% of consensus weight is running on tor versions > with DoS mitigation features. > But there was no abrupt change around that time where the # user users droped down - so there'S no strong correlation IMO. -- Toralf PGP

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-03-11 Thread nusenu
> But https://metrics.torproject.org/versions.html doesn't show a > strong correlation in decrease/increase of a specific Tor version so > I do wonder how to interrprete the user numbers. 33% of guard capacity and 37% of consensus weight is running on tor versions with DoS mitigation features.

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-03-11 Thread Toralf Förster
On 03/11/2018 08:33 AM, Roger Dingledine wrote: > On Wed, Jan 31, 2018 at 04:16:52AM -0500, Roger Dingledine wrote: >> Thanks for your patience with the relay overload issues. > > Early indications are that the overloaders have stopped. At least > for now, but hopefully for longer. > >

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-03-10 Thread Roger Dingledine
On Wed, Jan 31, 2018 at 04:16:52AM -0500, Roger Dingledine wrote: > Thanks for your patience with the relay overload issues. Early indications are that the overloaders have stopped. At least for now, but hopefully for longer.

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread teor
Cc'ing torservers for bridge OutboundBindAddrrss, and Mike for vanguards. Here are the mitigations again: > o Major features: >- Give relays some defenses against the recent network overload. We > start with three defenses (default parameters in parentheses). > First: if a single

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread Andy Weber
I've updated my entire fleet (https://atlas.torproject.org/#search/family:2F9A6B5ADBE91EC69F55AAFB7DC49619D31B8324) today around 11:30AM to 0.3.3.1-alpha-dev (git-d1c2597096cac27e) and so far it looks like the mitigations are working nicely. Pretty graphs supporting that claim:

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread David Goulet
On 01 Feb (04:01:10), grarpamp wrote: > > Applications that use a lot of resources will have to rate-limit themselves. > > Otherwise, relays will rate-limit them. > > It's possible if relays figure that stuff by #2 might not be > an attack per se, but could be user activities... that relays >

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread grarpamp
> Applications that use a lot of resources will have to rate-limit themselves. > Otherwise, relays will rate-limit them. It's possible if relays figure that stuff by #2 might not be an attack per se, but could be user activities... that relays might push back on that one by... - Seeking

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread teor
> On 1 Feb 2018, at 18:59, grarpamp wrote: > > Has #2 been eval regarding onion indexing engines, oniontorrent, etc? > They use a lot of resources for agnostic purposes. > Censoring them as collateral damage would be bad. Applications that use a lot of resources will have

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-02-01 Thread grarpamp
Has #2 been eval regarding onion indexing engines, oniontorrent, etc? They use a lot of resources for agnostic purposes. Censoring them as collateral damage would be bad. ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] Experimental DoS mitigation is in tor master - log entry

2018-01-31 Thread Felix
Hi everbody Am 31-Jan-18 um 10:16 schrieb Roger Dingledine: > now is a great time to try it and let us know of > problems and/or successes. Currently just success. NTor is still pretty high, circuits and TAP 'normal'. cpu is difficult to say, still pumping lots of circuits anyway. Settings are

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread Toralf Förster
On 01/31/2018 10:16 AM, Roger Dingledine wrote: > the sort who enjoys running code from git, now is a great time to try it > and let us know of problems and/or successes. > tor-0.3.3.1-alpha-58-ga846fd267 is bad here, the inbound connections stays at 5-10 tor-0.3.3.1-alpha-42-g2294e330b works

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread Toralf Förster
On 01/31/2018 08:57 PM, Tyler Johnson wrote: > with or without additional firewall *with* additional firewall rules currently. -- Toralf PGP C4EACDDE 0076E94E signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread Tyler Johnson
at a first glance master (tor-0.3.3.1-alpha-42-g2294e330b) works like a charm here at a hardened stable Gentoo with vanilla kernel 4.14.16 at both Tor exit relays Is that with or without additional firewall rules to combat the abundant connection issues?

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread Toralf Förster
On 01/31/2018 10:16 AM, Roger Dingledine wrote: > but if you're > the sort who enjoys running code from git, now is a great time to try it > and let us know of problems and/or successes. at a first glance master (tor-0.3.3.1-alpha-42-g2294e330b) works like a charm here at a hardened stable Gentoo

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread nusenu
teor: > > >> On 31 Jan 2018, at 20:37, nusenu wrote: >> >>> We've merged https://bugs.torproject.org/24902 into tor git master. >>> ... > > If you compile using clang, there are some warnings that appear to be > harmless: >

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread teor
> On 31 Jan 2018, at 20:37, nusenu wrote: > >> We've merged https://bugs.torproject.org/24902 into tor git master. >> ... If you compile using clang, there are some warnings that appear to be harmless: https://trac.torproject.org/projects/tor/ticket/25094 The overall

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread nusenu
nusenu: > And packages for Debian-based OSes are probably in the next nightly master > builds > available at https://deb.torproject.org/torproject.org/dists/ I just added support for tor nightly build repos to ansible-relayor (Debian/Ubuntu only), to make it very easy to test bleeding edge

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread John Ricketts
Woo, for sure! > On Jan 31, 2018, at 03:16, Roger Dingledine wrote: > > Hi folks, > > Thanks for your patience with the relay overload issues. > > We've merged https://bugs.torproject.org/24902 into tor git master. We'll > be putting out an 0.3.3.2-alpha release in not too long

Re: [tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread nusenu
> Thanks for your patience with the relay overload issues. > > We've merged https://bugs.torproject.org/24902 into tor git master. We'll > be putting out an 0.3.3.2-alpha release in not too long for wider testing, > and eventually backporting it all the way back to 0.2.9, but if you're > the sort