On 02 Feb (00:23:14), Alec Muffett wrote:
> I am not going to pretend that I fully understand the DDoS mitigations yet,
> but experience at two jobs has taught me that at least three entire
> countries essentially present themselves from behind small numbers of
> heavily NATed addresses, so I hope that the mitigations are NAT-friendly.
> ISTR that UAE and Singapore are two such, I forget the third?

I've been running the circuit creation mitigation for weeks now in different
forms which had much more aggressive threshold in the beginning.

At most, my Guard identified 550 ish client address for which I've
investigated a bit. They were all from big hosting corp that is
dedicatedpanel.com, vultr.com LeaseWeb and Hetzner (the OVH clients were gone
at that time).

The majority (82%) was Hetzner.

Thus so far I would say that it is not impacting that much single countries
NATed in some ways or another.

This doesn't mean it won't be *especially* when 70% of the network will be
rolling out those defenses. We really need to keep a sharp eye on this and
adjust accordingly.



Attachment: signature.asc
Description: PGP signature

tor-onions mailing list

Reply via email to