[tor-relays] Attack on Tor exit and back-up directory server

To: "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>

Subject: [tor-relays] Attack on Tor exit and back-up directory server

From: potlatch <potlatch@xxxxxxxxxxxxxx>

Date: Thu, 15 Aug 2019 18:22:17 +0000

Delivery-date: Sun, 18 Aug 2019 22:31:25 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1565893340; bh=sNP7am4V3ySTPFX9knD5AoWXj327KIMaMqr4TDyfazA=; h=Date:To:From:Reply-To:Subject:Feedback-ID:From; b=gmO6MU3Fdck7rJPK25hfgUFYBUzrG9o11u9R8ZDRFvKzcnMbDFX9Y1QhH+ZiJJtZV ZjYFFe5g/9SYYJONfpYb9/PfFi24Z24XtezGG+DIqRZePCyqjb15MyuCij/JmaveBx rGsrtaJRfxPN7/tqkZTH1JJxYvkmNG00fUKOBEBs=

Feedback-id: JCf3d0soAttaB_OpNPJ20ohR2llANMLwzqA_A6HtVytqRrobPzyTJ7oqmKBf_nxRTtXIC9lwlIwkWthaPBUkDQ==:Ext:ProtonMail

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello All,

I commented and questioned earlier about significant slowing of one of my Finnish exit relays [1] and potential DoS attack. I took the server off line and did the best job I could hardening it. The host does not have DoS protection and uses Xen OpenVZ as his VPS manager. I was getting "nf_contract: table full, dropping packet." errors by the 1000s. That's fixed and I'm back on the Tor net now.

One question remains: At any time I look there are 20-150 Iranian IP addresses trying to access the Tor server. Their IP range is from 5.113.x.x to 5.126.x.x. None have hashed fingerprints. Is it okay to let these guys go? Can they harm or slow Tor? Should I ban them? I'd like to learn from this.

-potlatch

Sent with ProtonMail Secure Email.

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays