On Montag, 8. Juli 2024 19:34:51 CEST Rafo (r4fo.com) via tor-relays wrote:
But this week I’ve received 2 DDoS alerts from my provider (Netcup), both are ~3 gigabits. They seem to be coming from other Tor relays.I’m running an Invidious like instance on my server (which uses around 600 megabits) but I have a 2.5 gigabit port. So I configured my Tor relay to use 300-400 megabits.I’m not sure where that 3 gigabit of data comes from.I have lowered my advertised bandwidth to 100 megabits, would that be enough to prevent these kind of issues?Kind regards,Rafo
Reducing the advertised bandwidth does not help. ;-) In general, one tor instance will rarely reach 100 megabits.
There is little you can do on the server against targeted DDoS. But you can stop IPs with a lot of connections to your tor daemon using dynamic exit police¹ or dyn. IP/nftable rules². For targeted help, you should specify the type of relay you have and your OS.
https://gitlab.torproject.org/tpo/community/support/-/issues/40093
¹https://github.com/artikel10/surgeprotector
²https://forum.torproject.org/t/is-tor-network-resistant-to-tcp-syn-flood-dos...