Hi there,

It's very unfortunate, but I don't have the Logs due to an initial mistake I
made, not setting up a Logfile.

In the updated torrc file, I recently added it but I thought it is not worth
a restart to implement this. Now it works.

But I saw the relay logs in the cmd during the attack, and there was nothing
unusual at all, except for the high rejection rates.

The Out-of-Memory was also an Error that came from Windows, not the
tor-process itself.

I'm a bit positively surprised by the Windows Memory Management, all System
Processes and the OS were unaffected by the attack.

Additionally I have a PowerShell script that monitors the tor.exe and
restarts it after 2 minutes of "cool-down" if it crashes 3 times.

This was the first time it was ever needed, and I hope next time is not
soon. Then I will also try the stupid oversize approach.. ;)

About the Firewall Topic:

I've read this manual you sent before, but I think it's impossible with the
Windows Firewall implementation.

That's one weakness of closed source, either it matches the use case or you
have to go for something completely different.

The Windows Firewall is not stateful, but I had implemented very
restrictive rules since the first day.

However, this is limited by allowing only the tor.exe and related stuff to
send and receive traffic.

If you would try to open a new process not listed, communication would fail.
But fancy "real-time" stuff - not a chance.

I mean creating some rules via PowerShell no prob, but how to analyse the
concurrent, tor related connections (grabbing netstat?!) - sounds difficult
and resource heavy to me, and I'm sadly not a coding expert.

In total there are 3 Firewalls between Internet and Tor, one Open-Source,
one proprietary and the Windows Firewall, maybe I can stop this happening at
another point in the network.

I'll dig a bit deeper when I have the time, the next step planned is to
implement Windows Application Control, so only the tor.exe I've made a
checksum of beforehand is allowed to run.

But that's a different topic.

Thank you very much for your suggestions and maybe other hints/tips!

Best regards,

Joker

_______________________________________________
tor-relays mailing list -- [email protected]
To unsubscribe send an email to [email protected]
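
Added example, not part of the original message: one way to analyse the concurrent tor-related connections the message asks about, by counting established inbound connections to tor.exe per remote address from a single snapshot of the TCP table. The parameter defaults ($OrPort, $Threshold) and the helper function name are assumptions for illustration.

```powershell
# Added example (not from the original message): per-remote-address count of
# established inbound connections handled by tor.exe.
# $OrPort and $Threshold are assumed values; set them to the relay's ORPort
# and to a per-address limit that suits the relay.
param(
    [string]$ProcessName = 'tor',
    [int]$OrPort = 9001,
    [int]$Threshold = 20
)

# Hypothetical helper: group connection objects by remote address and
# return one row per address, busiest first.
function Get-ConnectionCountByRemote {
    param([object[]]$Connections)
    $Connections |
        Group-Object -Property RemoteAddress |
        ForEach-Object {
            [pscustomobject]@{ RemoteAddress = $_.Name; Count = $_.Count }
        } |
        Sort-Object -Property Count -Descending
}

# Resolve the PIDs of the running tor process(es).
$torPids = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)
if ($torPids.Count -eq 0) {
    Write-Warning "No process named '$ProcessName' is running."
    return
}

# One query of the TCP table: established connections whose local port is the
# ORPort (inbound to the relay) and that belong to tor.exe.
$inbound = @(Get-NetTCPConnection -State Established -LocalPort $OrPort `
        -ErrorAction SilentlyContinue |
    Where-Object { $torPids -contains $_.OwningProcess })

$report = @(Get-ConnectionCountByRemote -Connections $inbound)

"{0} established inbound connections from {1} remote addresses" -f `
    $inbound.Count, $report.Count

# Show only the addresses holding more connections than the threshold.
$report | Where-Object { $_.Count -gt $Threshold } | Format-Table -AutoSize
```

Each run is a single read of the TCP table, so it can be scheduled every few minutes and its output appended to a file for later review.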
