> On 21 Dec 2017, at 08:51, teor <[email protected]> wrote: > >> >> 1) Why didn't we see this abuse wave coming ? We kept replying to reporters >> of the dreaded "Failing because we have XXX connections already. Please read >> doc/TUNING for guidance" about how they could amend their config to accept >> more connections. Although the 'global scale' of those events should have >> been detected, without most of use assuming it was due to nodes' bad config. > > Load spikes are normal, particularly with the HSDir flag, because HSDir > usage is not bandwidth-weighted. > > Allowing more connections *is* the right thing to do with this attack, > if your OS has the resources. Several of my relays never went down, > because they were over-provisioned with RAM and CPU. > > Others only went down temporarily, during the most intense phases. > (And then their excessive bandwidth weight was redistributed, and they > have been coping well.) > > If you don't have the resources to handle that many connections, then > limiting connections is the right thing to do. If you can't do it > using tor, then a firewall is the way to go. > > (There are some bugs in Tor that make the attack more effective than > it should be. We're working on fixing them.)
To mitigate this attack, we recommend setting MaxMemInQueues to the amount of RAM you have available per tor instance (or maybe a few hundred MB less). Tor estimates it, but the estimate isn't very good. T -- Tim / teor PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
