Re: [tor-relays] DoS attack on Tor exit relay



Thanks. I just could not see how Fail2ban would work on an ORPort. What log would it look at? What criteria for the jail? The fail2ban on my non-Tor VPS does not yet work with IPv6, which is partly the nature of IPv6 rather than a programming issue. I did not realise IPv6 was ignored until a weak email account was found. So I firewalled off most IPv6 ports instead.

-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of potlatch
Sent: 05 August 2019 00:04
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attack on Tor exit relay

Gerry,
At this point I have no working scripts for Tor/fail2ban. Be happy to share if they ever materialize. Fail2ban is sorely lacking documentation--or at least I can't find detailed docs. I downloaded fail2ban on current Debian and Ubuntu VPS and got different version numbers--none were the current release. Stay tuned or give a hand.
-potlatch


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, August 1, 2019 4:16 AM, <gerard@xxxxxxxxxxxx> wrote:

> Can we have your fail2ban scripts for the OR port? The jail and rules?
>
> Gerry
>
> -----Original Message-----
> From: tor-relays tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx On Behalf Of teor
> Sent: 01 August 2019 00:28
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] DoS attack on Tor exit relay
>
> Hi,
>
> > On 1 Aug 2019, at 02:27, Larry Brandt lbrandt@xxxxxxx wrote:
> > Yes, I have fail2ban installed but the attack is focused on my ORPort
> > 9001.  Similarly, I have an external firewall but it permits 9001 port
> > passage.
>
> If you're trying to prevent too many connections, you can adjust the DoS
> torrc options:
> DoSConnectionEnabled 1
> DoSConnectionMaxConcurrentCount 1
> DoSConnectionDefenseType 2
>
> If that works, try adjusting DoSConnectionMaxConcurrentCount a bit
> higher: 10 or 25 are good values.
>
> T
>
> --
> teor
>
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
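
Added example, not part of the thread or written by any of its posters: a way to see how many concurrent connections each peer address holds on the ORPort before picking a DoSConnectionMaxConcurrentCount value, with IPv6 peers counted too. It assumes the input is `ss -tn` output; the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

OR_PORT = 9001  # ORPort named in the thread

# Constructed sample of `ss -tn` output (documentation address ranges only).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port        Peer Address:Port
ESTAB    0      0      203.0.113.5:9001          198.51.100.7:51234
ESTAB    0      0      203.0.113.5:9001          198.51.100.7:51240
ESTAB    0      0      [2001:db8::5]:9001        [2001:db8::99]:40000
ESTAB    0      0      [2001:db8::5]:9001        [2001:db8::99]:40002
ESTAB    0      0      [::ffff:203.0.113.5]:9001 [::ffff:198.51.100.7]:51300
ESTAB    0      0      203.0.113.5:22            192.0.2.44:60000
SYN-RECV 0      0      203.0.113.5:9001          192.0.2.44:60010
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]"))
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one
    # client is not counted under two different keys.
    mapped = getattr(addr, "ipv4_mapped", None)
    return (mapped or addr), int(port)


def concurrent_per_peer(ss_output, port=OR_PORT):
    """Count established connections to `port`, keyed by peer address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line, half-open or closing sockets
        _, local_port = split_endpoint(fields[3])
        if local_port == port:
            peer, _ = split_endpoint(fields[4])
            counts[str(peer)] += 1
    return counts


def over_limit(counts, max_concurrent):
    """Peers holding more connections than a candidate limit."""
    return {ip: n for ip, n in counts.items() if n > max_concurrent}


if __name__ == "__main__":
    print(over_limit(concurrent_per_peer(SAMPLE_SS), 1))
```

The counts include every peer connected to the ORPort, so compare them against several candidate limits (1, 10, 25 as mentioned in the thread) rather than treating any single peer above 1 as hostile.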
