[Tor-BSD] new tor -alpha release and DOS attacks

teor teor2345 at gmail.com
Thu Dec 21 16:47:56 EST 2017


> On 22 Dec 2017, at 08:14, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> For anyone who's running any directory services, there has been heavy
> memory-consuming attacks going on since last week.

These attacks potentially affect all Tor relays.

> We should discuss mitigation on the operating system level with
> host-based firewalling and syctl knobs in a separate thread, but the new
> tor -alpha release is supposed to deal with the issue.

The new release mitigates the issue by consuming less RAM.

We also recommend the following Tor config mitigations:
* set MaxMemInQueues to the amount of free RAM available per tor
  instance, minus a few hundred megabytes for other data structures.
* give Tor as many file descriptors as you have available (again, minus
  those needed for other purposes).

> The FreeBSD security/tor-devel was updated zippy quick, and I'm running
> it now on NYCBUG0.

Thanks for the prompt response!

T


More information about the Tor-BSD mailing list