dos: Add changes file for ticket 24902

author David Goulet <dgoulet@torproject.org>

Tue, 30 Jan 2018 14:15:33 +0000 (09:15 -0500)

committer David Goulet <dgoulet@torproject.org>

Tue, 30 Jan 2018 14:18:16 +0000 (09:18 -0500)
author David Goulet <dgoulet@torproject.org>
Tue, 30 Jan 2018 14:15:33 +0000 (09:15 -0500)
committer David Goulet <dgoulet@torproject.org>
Tue, 30 Jan 2018 14:18:16 +0000 (09:18 -0500)
diff --git a/changes/ticket24902 b/changes/ticket24902

new file mode 100644 (file)

index 0000000..1a2ef95
--- /dev/null
+++ b/changes/ticket24902
@@ -0,0 +1,13 @@
+  o Major features (denial of service mitigation):
+    - Give relays some defenses against the recent network overload. We start
+      with three defenses (default parameters in parentheses). First: if a
+      single client address makes too many concurrent connections (>100), hang
+      up on further connections. Second: if a single client address makes
+      circuits too quickly (more than 3 per second, with an allowed burst of
+      90) while also having too many connections open (3), refuse new create
+      cells for the next while (1-2 hours). Third: if a client asks to
+      establish a rendezvous point to you directly, ignore the request. These
+      defenses can be manually controlled by new torrc options, but relays
+      will also take guidance from consensus parameters, so there's no need to
+      configure anything manually. Implements ticket 24902.
+
author	David Goulet <dgoulet@torproject.org>
	Tue, 30 Jan 2018 14:15:33 +0000 (09:15 -0500)
committer	David Goulet <dgoulet@torproject.org>
	Tue, 30 Jan 2018 14:18:16 +0000 (09:18 -0500)