
Re: [tor-talk] Many more Tor users in the past week?




elrippo:
> On Tuesday, 3 September 2013, 15:35:04, adrelanos wrote:
>> New hypothesis: This is an attempt to shut down the Tor network 
>> once and forever.
>> 
>> Might this be an attack on the Tor network with the goal of making 
>> it so slow for everyone that no one will use it anymore? 
>> (DDOS)
> 
> The thing on my nodes is simply the fact that Tor exits keep 
> DDoSing my router.

Meanwhile, my Tor *relay* is DOSing its own router.  If anybody from
the Raspberry Pi thread is reading (and I'll post it there later if
not when I've observed it more), on 0.2.4.x, the Pi can handle most
circuit storms without crashing (though it still does, quite rarely),
but somehow it's causing my NAT router to partially/completely fail
and I still haven't figured out exactly how.  It starts happening
*before* the ip_conntrack table is full, and it's considerably smaller
than the point at which ip_conntrack entries can trigger the OOM
killer, so I don't know yet what's causing it.  The router has also
handled plenty more simultaneous in/out bandwidth in the past.
Regardless, the router starts dropping packets, and killing Tor stops
it, and restarting Tor soon enough (so most connected clients are
still in their retry period before giving up) starts it again immediately.

In fact, I've just woken up - started my Tor node a few hours ago
before going to sleep - and it appears to be starting to beat my
router down now.  Router load isn't high, it doesn't seem out of
memory - when you can hit the status page - but ping times start to
climb or time out, and the first canary to fall over is DNS resolution
(the router "does" DNS via DNSmasq).

Sigh...

> This started with 140 exit nodes in my daily blacklist. Over the past 
> week it grew to about 220 exit nodes, increasing constantly by 
> 10 more per day. The interesting thing is that these are always
> the same nodes, so to me this tastes like a botnet.

They're DDOSing *you*?  How so?

Best,
- -Gordon M.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk