The DoSCircuitCreation/DoSConnection configs are unrelated to what
ReevaluateExitPolicy allows.
DoSCircuitCreation/DoSConnection are enacted by guards, to protect
themselves, and to some extent the rest of the network, from "noisy
IPs" trying to connect to Tor.
ReevaluateExitPolicy is not a DoS opt
P.S:
If this is a client to guard detection only, then why does my exit node also
block a significant amount of DoS (I had around the same statistics when my
guard probability fraction was still zero, so clearly something is working):
> Aug 09 21:08:36 matrix tor[XXX]: Aug 09 21:08:36.000 [noti
I am very well aware of that and how it works, I have seen your commit that got
merged, and am a C/C++ programmer as well.
Nevertheless, this is a feature I wanted anyway, so I could just reload the
config and block IP's or even ranges if SSH range / portscans are done using my
exit.
Right now
Can this get some attention please?
A temporary fix seems to be to either patch the two magic constants of
MIN/MAX_THREADS mentioned in the bugtracker, or to not use the seccomp syscall
sandbox.
Both not obviously not the best options.
Regards,
George
On Saturday, January 13th, 2024 at 6:29 PM
On Samstag, 10. August 2024 00:58:29 CEST George Hartley via tor-relays wrote:
> Then these must be targeted attacks, as I have never encountered something
> like this during 10 years of relay operation under different providers and
> aliases.
Of course, these are targeted attacks and have been ex
On Samstag, 10. August 2024 05:25:51 CEST George Hartley via tor-relays wrote:
> If this is a client to guard detection only, then why does my exit node also
block a significant amount of DoS (I had around the same statistics when my
guard probability fraction was still zero, so clearly somethin
On Samstag, 10. August 2024 14:38:27 CEST George Hartley via tor-relays wrote:
> I am very well aware of that and how it works, I have seen your commit that
> got merged, and am a C/C++ programmer as well.
>
> Nevertheless, this is a feature I wanted anyway, so I could just reload the
> config and
