DoS mitigation tips
Denial-of-Service (DoS) Protection
Anyone relays, especially exit and directory relays, are vulnerable to DoS attacks that can degrade performance or disrupt services. Anon provides built-in DoS mitigation options to protect relays from excessive circuit creation, connection flooding, or stream abuse.
Below are some parameters that can be configured in your anonrc file for enhanced protection.
🔹 Circuit Creation DoS Protection
Protects your relay from excessive circuit creation attempts.
DoSCircuitCreationEnabled 1
DoSCircuitCreationBurst 30
DoSCircuitCreationRate 3
DoSCircuitCreationMinConnections 3
DoSCircuitCreationDefenseTimePeriod 3600 seconds
DoSCircuitCreationDefenseType 2
🔹 Connection Flooding Protection
Limits the rate and number of incoming connections to avoid exhaustion.
DoSConnectionEnabled 1
DoSConnectionDefenseType 2
DoSConnectionMaxConcurrentCount 50
DoSConnectionConnectRate 20
DoSConnectionConnectBurst 30
DoSConnectionConnectDefenseTimePeriod 24 hours
🔹 Stream Abuse Protection
Protects against exit traffic generating too many streams per circuit.
🔹 Hidden Service DoS Protection
Protects your hidden service from introduction/rendezvous DoS attacks.
🔹 Disable Single-Hop Client Rendezvous
If you're running any type of relay, you can disallow single-hop client circuits to further reduce abuse, but it's completely optional.
🔹 RTFM
For a better understanding of DoS mitigation strategies and configurations, please refer to the Anon Manual under DENIAL OF SERVICE MITIGATION OPTIONS.
The manual offers technical explanations and guidance to help you tailor your relay's defenses effectively.
Manual
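To confirm that a relay's anonrc actually carries the circuit-creation and connection options listed above, the following added example (not part of the Anon project or its manual) compares a config against this page's values. The function names are hypothetical, and it assumes one `Option value` pair per line, `#` comments, case-insensitive option names and the interval unit words shown in the code.

```python
# Option values exactly as listed on this page.
PAGE_VALUES = """
DoSCircuitCreationEnabled 1
DoSCircuitCreationBurst 30
DoSCircuitCreationRate 3
DoSCircuitCreationMinConnections 3
DoSCircuitCreationDefenseTimePeriod 3600 seconds
DoSCircuitCreationDefenseType 2
DoSConnectionEnabled 1
DoSConnectionDefenseType 2
DoSConnectionMaxConcurrentCount 50
DoSConnectionConnectRate 20
DoSConnectionConnectBurst 30
DoSConnectionConnectDefenseTimePeriod 24 hours
"""
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}  # assumed unit words

def to_number(value):
    """'3600', '3600 seconds' and '1 hour' all normalise to 3600."""
    num, _, unit = value.strip().lower().partition(" ")
    return int(num) * (UNITS[unit.strip().rstrip("s")] if unit else 1)

def parse_anonrc(text):
    """Return {lower-cased option: value}; '#' starts a comment, last line wins."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Report page options that are missing, unparseable or set differently."""
    have, findings = parse_anonrc(text), []
    for name, want in (l.split(None, 1) for l in PAGE_VALUES.strip().splitlines()):
        got = have.get(name.lower())
        try:
            ok = got is not None and to_number(got) == to_number(want)
        except (ValueError, KeyError):
            ok = False
        if not ok:
            findings.append(f"{name}: {got or 'not set'} (page lists {want})")
    return findings

# Constructed anonrc fragment, not taken from a real relay.
SAMPLE = """
DoSCircuitCreationEnabled 1
DoSCircuitCreationDefenseTimePeriod 1 hour   # same as 3600 seconds
dosconnectionenabled 0
"""
```

Calling `audit(open(path).read())` on a relay's anonrc returns one line per option that is missing or differs; an empty list means every option above matches the page.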