#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:  needs_review
 Priority:  Very High                            |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:  arma                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 Replying to [comment:48 dgoulet]:
 > > But it looks like the call to dos_should_refuse_single_hop_client() doesn't care whether public_server_mode().
 >
 > Agree. Fixup commit: `ab7b9581f3`

 (A) I think this one is missing a !.

 (B) Yes, an 0.3.3 branch would be good so we have something to actually merge.

 (C), it wants a changes file. Here's a start:
 {{{
   o Major features:
     - Give relays some defenses against the recent network overload. We
       start with three defenses (default parameters in parentheses).
       First: if a single client address makes too many connections
       (>100), hang up on further connections. Second: if a single client
       address makes circuits too quickly (more than 3 per second, with
       an allowed burst of 90) while also having too many connections open
       (3), refuse new create cells for the next while (1-2 hours). Third:
       if a client asks to establish a rendezvous point to you directly,
       ignore the request. These defenses can be manually controlled
       by new torrc options, but relays will also take guidance from
       consensus parameters, so there's no need to configure anything
       manually. Implements ticket 24902.
 }}}

 Looking good!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
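
The second defense in the draft changes entry above (more than 3 circuits per second, burst of 90, 3 open connections), modelled as a per-address token bucket. This is an added example, not code from the ticket or from Tor. Assumptions: the token-bucket model itself, the names `client_stats`, `client_init`, `on_create_cell` and `send_cells`, reading "(3)" as "at least 3 connections open", and a fixed 1-hour refusal period standing in for "1-2 hours".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Defaults quoted in the draft changes entry. */
#define CIRC_RATE   3    /* circuits per second */
#define CIRC_BURST  90   /* allowed burst */
#define MIN_CONNS   3    /* assumption: "(3)" read as "at least 3 open" */
#define REFUSE_SECS 3600 /* assumption: fixed low end of "1-2 hours" */

/* Hypothetical per-client-address state (not Tor's own struct). */
typedef struct {
  uint32_t tokens;       /* circuit budget left in the bucket */
  uint64_t last_refill;  /* time of last refill, in seconds */
  uint64_t refuse_until; /* CREATE cells are refused before this time */
  unsigned conns;        /* concurrent connections from this address */
} client_stats;

void client_init(client_stats *c, uint64_t now, unsigned conns) {
  *c = (client_stats){ CIRC_BURST, now, 0, conns };
}

/* Return true if a CREATE cell arriving at `now` should be accepted.
 * `now` is assumed to be monotonic. */
bool on_create_cell(client_stats *c, uint64_t now) {
  if (now < c->refuse_until) return false;          /* still marked */
  uint64_t add = (now - c->last_refill) * CIRC_RATE;
  c->tokens = (add >= CIRC_BURST - c->tokens) ? CIRC_BURST
                                              : c->tokens + (uint32_t)add;
  c->last_refill = now;
  if (c->tokens > 0) { c->tokens--; return true; }  /* within rate/burst */
  if (c->conns < MIN_CONNS) return true;            /* too few conns to mark */
  c->refuse_until = now + REFUSE_SECS;              /* mark the address */
  return false;
}

/* Feed n CREATE cells at one instant; return how many were accepted. */
unsigned send_cells(client_stats *c, uint64_t now, unsigned n) {
  unsigned ok = 0;
  for (unsigned i = 0; i < n; i++) ok += on_create_cell(c, now);
  return ok;
}

int main(void) {
  client_stats flood, quiet;
  client_init(&flood, 0, 3);
  client_init(&quiet, 0, 2);
  printf("3 conns: %u/100 accepted\n", send_cells(&flood, 0, 100));
  printf("2 conns: %u/100 accepted\n", send_cells(&quiet, 0, 100));
  return 0;
}
```

In this model an address that stays at 3 circuits per second never empties the bucket, so only a burst beyond 90 combined with enough open connections gets it marked.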