dos: Add changes file for ticket 24902

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:15:33 -05:00 · 2018-01-30 09:15:33 -05:00 · 9aca7d4730
parent e58a4fc6cf
commit 9aca7d4730
1 changed files with 13 additions and 0 deletions
--- a/changes/ticket24902
+++ b/changes/ticket24902
@ -0,0 +1,13 @@
+  o Major features (denial of service mitigation):
+    - Give relays some defenses against the recent network overload. We start
+      with three defenses (default parameters in parentheses). First: if a
+      single client address makes too many concurrent connections (>100), hang
+      up on further connections. Second: if a single client address makes
+      circuits too quickly (more than 3 per second, with an allowed burst of
+      90) while also having too many connections open (3), refuse new create
+      cells for the next while (1-2 hours). Third: if a client asks to
+      establish a rendezvous point to you directly, ignore the request. These
+      defenses can be manually controlled by new torrc options, but relays
+      will also take guidance from consensus parameters, so there's no need to
+      configure anything manually. Implements ticket 24902.
+