Rethink connection management and vote relays
Hello people, how are you?
People, I am here testing a few things and looking at network usage, testing both Tor 4.7.xx and dev with some modifications, and I would like to share some observations and ask for some features to be implemented that could lower those DDoS attacks and spam requests by guards to connections.
My first test phase was to test a normal version of Tor without modifications and measure Advertised Bandwidth usage, and I found some things to share:
- A guard using normal features froze more often, at full or low ISP capacity usage, taking hours to get back to normal
- Usually those freezes are caused by malicious people's DDoS attacks and excess requests
- Those open-bar configurations overload the whole Tor network and make our contribution hard
- It increases my energy bills and freezes your internet most of the time
The current implementation also gives me:
[warn] Decrypting superencrypted desc failed.
[warn] Service descriptor decryption failed.
[warn] HSDesc parsing failed!
IP: 148.251.46.115 Port: 1
IP: 148.251.46.115 Port: 0
IP: 95.217.200.54 Port: 1
IP: 95.217.200.54 Port: 0
IP: 85.214.42.55 Port: 1
IP: 85.214.42.55 Port: 0
IP: 185.220.101.34 Port: 1
IP: 185.220.101.34 Port: 0
IP: 37.75.166.2 Port: 1
IP: 37.75.166.2 Port: 0
This is another one I took while running Tor:
[notice] Application asked to connect to port 0. Refusing.
[warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed].
My second phase comes down to taking a dev Tor and letting people use what my Tor/guard/middle and internet permit:
- Limit the ports a guard can offer, to prevent flood requests and provide good, stable connections to those already connected
- Accept basic ports such as 53, 80, 443, 5005, 8333 and reject everything between 2:8999
- Observe how the ISP acts in this test phase and whether it freezes
- Detected some 1.1.1.1:443 trying to use my guard to send spam
Using this approach in this test I got a better result than running open-bar stuff. This suggests to me that most Tor use on lower ports makes terrible spam and has been overloading those who offer low Advertised Bandwidth, who as a consequence get a very low Consensus Weight. I don't like putting my hands on source code because sometimes I don't feel comfortable coding on other people's stuff, so I would like to make some requests in order to prevent those things from happening to low-quality ISP providers and give people more options without hurting relays' internet capacity.
Suggestions for changes to how servers are built:
- Make ORPort use a port range
- The server could restart after some time and use the ORPort range as a parameter to define the new port, because the current AUTO picks from 0-65535 and ISPs block some ranges or low ports
- Keep DirPort static; no need to change anything
- Add guard port limitations to prevent overload and spam requests
- Add blacklist capability like SocksPolicy for IPs "I don't know if we already have it for guards too"
- Build an open database of IPs used for scams, DDoS or other bad related stuff
- Add options to the Dir vote to make sure no misunderstandings appear because of the limitations
- AUTO port detection could restart as many times as possible to detect the ports the ISP lets you use
I would like to advocate more, run relays and make more suggestions if possible... but it all depends on whether the community will be more friendly and, in the near future, help people like me build more relays or exits. For now that is all I can say and suggest. Thank you.
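
The port rules listed in the second test phase, written out as an added example (not part of the original post and not Tor's own code): a first-match evaluator over accept/reject lines that also reports rules hidden by earlier ones. It assumes the rules are written in the style of Tor's ExitPolicy lines; parse_rule, decide and shadowed are hypothetical helper names.

```python
# Rules from the post, in the order given (syntax modeled on ExitPolicy lines: assumption).
POST_RULES = ["accept *:53", "accept *:80", "accept *:443",
              "accept *:5005", "accept *:8333", "reject *:2-8999"]
# Same rules with the range reject moved to the front (constructed for comparison).
REVERSED_RULES = [POST_RULES[-1]] + POST_RULES[:-1]

def parse_rule(line):
    """Turn 'accept *:80' or 'reject *:2-8999' into (action, low, high)."""
    action, target = line.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in {line!r}")
    _addr, _, ports = target.rpartition(":")
    if ports == "*":
        return action, 0, 65535
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range in {line!r}")
    return action, low, high

def decide(lines, port):
    """First matching rule wins; returns (action, rule index) or ('unmatched', None)."""
    for idx, (action, low, high) in enumerate(map(parse_rule, lines)):
        if low <= port <= high:
            return action, idx
    return "unmatched", None

def shadowed(lines):
    """Indexes of rules that can never fire because earlier rules cover every port."""
    rules = [parse_rule(l) for l in lines]
    dead = []
    for i, (_, low, high) in enumerate(rules):
        earlier = rules[:i]
        if earlier and all(any(l <= p <= h for _, l, h in earlier)
                           for p in range(low, high + 1)):
            dead.append(i)
    return dead

if __name__ == "__main__":
    for port in (0, 1, 22, 443, 8333, 9001):
        print(port, decide(POST_RULES, port), decide(REVERSED_RULES, port))
    print("shadowed when reject comes first:", shadowed(REVERSED_RULES))
```

Ports 0 and 1 and everything above 8999 match none of the listed rules, so what happens to them depends on whatever default follows the list.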