commit 9aca7d47306222f2870ec16a7291a8215d6c3316
parent e58a4fc6cfcdeafc2ebfb61fd3cf6d163ce2436c
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 30 Jan 2018 09:15:33 -0500
dos: Add changes file for ticket 24902
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat:
1 file changed, 13 insertions(+), 0 deletions(-)
diff --git a/changes/ticket24902 b/changes/ticket24902
@@ -0,0 +1,13 @@
+ o Major features (denial of service mitigation):
+ - Give relays some defenses against the recent network overload. We start
+ with three defenses (default parameters in parentheses). First: if a
+ single client address makes too many concurrent connections (>100), hang
+ up on further connections. Second: if a single client address makes
+ circuits too quickly (more than 3 per second, with an allowed burst of
+ 90) while also having too many connections open (3), refuse new create
+ cells for the next while (1-2 hours). Third: if a client asks to
+ establish a rendezvous point to you directly, ignore the request. These
+ defenses can be manually controlled by new torrc options, but relays
+ will also take guidance from consensus parameters, so there's no need to
+ configure anything manually. Implements ticket 24902.
+
