On Wednesday, 10 July 2024 18:34:26 CEST Toralf Förster via tor-relays wrote:
> > https://www.petsymposium.org/foci/2024/foci-2024-0014.php

Very interesting, thanks.

> After reading that paper I do wonder if a firewall rule would work which
> drops network packets with destination to the ORport if those packets
> are shorter than a given length?

The idea is not bad. But can you simply discard every ≤ 50 byte packet?
I drop fragments and uncommon TCP MSS values.

ip frag-off & 0x1fff != 0 counter drop
tcp flags syn tcp option maxseg size 1-536 counter drop

By the way, I actually wanted to write it as a GitHub issue.
You have to adjust your Dir-auth IPs in iptables.
IP of dizum has changed and faravahar is back ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
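The two nftables rules quoted in the message, re-expressed as a small packet classifier so it is visible which packets they match. This is an added example, not code from the message or from any Tor project. The helper names, the ORPort 9001, the documentation-range addresses and the sample packets are constructed assumptions, and `tcp flags syn` is read here as "SYN bit set".

```python
import struct

def tcp_mss(tcp: bytes):
    """Return the MSS option value from a TCP header, or None if absent."""
    end = (tcp[12] >> 4) * 4          # data offset -> header length in bytes
    i = 20
    while i < min(end, len(tcp)):
        kind = tcp[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(tcp) or tcp[i + 1] < 2:
            break                     # malformed option length
        if kind == 2 and tcp[i + 1] == 4 and i + 4 <= len(tcp):
            return struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def drop_reason(pkt: bytes):
    """Name the quoted rule that would drop this IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    # ip frag-off & 0x1fff != 0: low 13 bits are the offset, top 3 are flags
    if struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF:
        return "fragment"
    tcp = pkt[ihl:]
    if pkt[9] != 6 or len(tcp) < 20 or not tcp[13] & 0x02:
        return None                   # not TCP, truncated, or SYN bit not set
    mss = tcp_mss(tcp)
    # tcp option maxseg size 1-536
    return "small-mss" if mss is not None and 1 <= mss <= 536 else None

def build_syn(mss=None, frag_field=0):
    """Constructed test packet: IPv4 + TCP SYN to port 9001 (assumed ORPort)."""
    opts = b"" if mss is None else struct.pack("!BBH", 2, 4, mss)
    tcp = struct.pack("!HHIIBBHHH", 40000, 9001, 1, 0,
                      (5 + len(opts) // 4) << 4, 0x02, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, frag_field,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp

if __name__ == "__main__":
    for label, p in [("MSS 1460", build_syn(1460)), ("MSS 536", build_syn(536)),
                     ("no MSS option", build_syn()),
                     ("first fragment (MF, offset 0)", build_syn(1460, 0x2000)),
                     ("later fragment (offset 185)", build_syn(1460, 185))]:
        print(f"{label:32} -> {drop_reason(p)}")
```

The `0x1fff` mask leaves out the More Fragments flag, so the first fragment of a datagram (offset 0) is not matched by the fragment rule, and a SYN that carries no MSS option at all is not matched by the MSS rule.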