Releases: Enkidu-6/tor-ddos
v5.0.3
v5.0.1
v5.0.0
This is a major release and a complete rewrite of the script. The naming convention for ipsets has also changed to reflect the diversity of different setups. This means that your current ipsets will be wiped and will populate from scratch. However, no reboot or restart of Tor is necessary and there will be no downtime.
- There's now a single script for all setups. Whether you have one IP and one ORPort, or two ORPorts, or multiple IP addresses and multiple ORPorts, all you need is to run multi.sh.
- Added two sample files, ipv4.txt and ipv6.txt that you need to populate with your IP address/addresses and ORPort/ORPorts before running the script. Some of the other scripts also depend on these two files, so all files should be kept in a single directory.
- Added conntrack.sh. It will give you a view of your conntrack table. It also shows you the IP addresses that have more than 2 established connections to your ORPort, how many have two connections or one connection, and how many of those connections belong to relays.
- Added a hashlimit rule to deal with the changed nature of the current attacks.
- The script will also generate a file by the name rules.sh which shows you the exact rules that were applied in plain text and in iptables rules format.
As always I rely heavily on your feedback and suggestions as I don't have all possible setups that each user might have, so please keep your feedback coming and help make the scripts better.
Cheers.
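The per-source tally that the conntrack.sh bullet describes can be sketched as follows. This is an added example, not the project's conntrack.sh; the function names, the relay address 203.0.113.10:443 and the sample lines (in `conntrack -L` output format) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's conntrack.sh. All names below are hypothetical.
# Constructed sample in `conntrack -L` output format (documentation IP ranges).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=40001 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=40002 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=40002 [ASSURED] mark=0 use=1
tcp      6 431980 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=40003 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=40003 [ASSURED] mark=0 use=1
tcp      6 431970 ESTABLISHED src=198.51.100.8 dst=203.0.113.10 sport=40004 dport=443 src=203.0.113.10 dst=198.51.100.8 sport=443 dport=40004 [ASSURED] mark=0 use=1
tcp      6 431960 ESTABLISHED src=198.51.100.8 dst=203.0.113.10 sport=40005 dport=443 src=203.0.113.10 dst=198.51.100.8 sport=443 dport=40005 [ASSURED] mark=0 use=1
tcp      6 431950 ESTABLISHED src=198.51.100.9 dst=203.0.113.10 sport=40006 dport=443 src=203.0.113.10 dst=198.51.100.9 sport=443 dport=40006 [ASSURED] mark=0 use=1
tcp      6 58 SYN_RECV src=198.51.100.9 dst=203.0.113.10 sport=40007 dport=443 src=203.0.113.10 dst=198.51.100.9 sport=443 dport=40007 mark=0 use=1
tcp      6 431940 ESTABLISHED src=203.0.113.10 dst=192.0.2.50 sport=50000 dport=443 src=192.0.2.50 dst=203.0.113.10 sport=443 dport=50000 [ASSURED] mark=0 use=1
EOF
}

# per_source IP PORT: read conntrack lines on stdin and print "count source"
# for ESTABLISHED TCP flows whose original direction targets IP:PORT.
per_source() {
    awk -v ip="$1" -v port="$2" '
        $1 == "tcp" && $4 == "ESTABLISHED" {
            src = dst = dport = ""
            # Each entry carries two tuples. Only the first src=/dst=/dport=
            # is the original direction; the reply tuple is skipped so that
            # outbound connections from the relay are not counted as inbound.
            for (i = 5; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/) src = substr($i, 5)
                else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
                else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (dst == ip && dport == port) n[src]++
        }
        END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# summarize: read "count source" lines and print how many sources hold
# more than two, exactly two, or exactly one established connection.
summarize() {
    awk '$1 > 2 { a++ } $1 == 2 { b++ } $1 == 1 { c++ }
         END { printf "over2=%d two=%d one=%d\n", a, b, c }'
}

sample_conntrack | per_source 203.0.113.10 443
sample_conntrack | per_source 203.0.113.10 443 | summarize
```

On a live relay the input would come from `conntrack -L -p tcp` instead of the constructed sample.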
v5.0.2
v4.1.1
- This version is the last version prior to version 5.0, which will be a major rewrite of the script and will be released shortly.
- A few cosmetic changes and some cleanup.
- Added conntrack.sh which gives you a picture of your conntrack table.
- Creating this version for historical reasons and to have a final, clean and complete sample of the old version just in case you need to revert back.
V4.1.0
- Snowflake now has more than one IP address. Scripts have been updated to pull all snowflake addresses and update the allow list.
- As before, I suggest you run a cron job with refresh-authorities.sh once a day to refresh your allow list with the most up to date addresses of authorities and snowflake, even though they may not change as often.
v4.0.1
v4.0
Some modifications due to a change in the nature of the attacks.
- Reordered rules for more efficiency and to reduce the load.
- Removed the hashlimit rule: it puts more load on the system with not much overall benefit, as the attackers have adapted to it, and it reduces the size of the block list.
- Reduced the number of allowed concurrent connections to 2 if you're not a relay.
- Running remove.sh (if you have one instance of Tor), or both remove.sh and remove2.sh (if you run two instances of Tor), from a cron job at intervals of approximately 5-10 minutes is now recommended. This will allow relays to create a maximum of 4 connections.
v3.1.0
- Modified all scripts to look for the latest IP addresses for Authorities and snowflake before adding them to the allow-list. This will ensure you'll have the correct IP addresses each time you run the script, even if those IP addresses change from time to time.
- Modified the update files to reflect that change.
- You can update your rules and lists by running the appropriate update file in the update directory.
- The update files can now be used to update to the newest version at any time, regardless of what version you previously had.
v3.0.1
The IP address for one of the Tor Authorities, moria1, has changed. Modified the scripts to reflect that. Please run the following commands to modify your ipset without having to apply the whole script:
ipset del allow-list 128.31.0.34
ipset add -exist allow-list 128.31.0.39