[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] anyone else with this issue?

To: "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] anyone else with this issue?
From: "The Doctor [412/724/301/703/415/510]" <drwho@xxxxxxxxxxxx>
Date: Sun, 30 Aug 2020 16:24:05 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 31 Aug 2020 04:03:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtadpt.net; s=protonmail; t=1598804656; bh=lWaN95FMwXZ76SDw7qXuhXBjcDcUVO484wG2HgwDe5w=; h=Date:To:From:Reply-To:Subject:In-Reply-To:References:From; b=H18kpO+56VulyPj7b1SlO5fQ6luJ/alh6O0CWWlcmb7kNCPiGHh+fk24Le1OCcv9h mHd86meXFVr/Cb1u9ii+pZkdID1Jsj7Rj+ro23oiXhly1niDqSifThsfGGXax1sZzX 9qkC+J/e4J1LDl6GIpK+B+/q/1QMFCA54VHQioNY=
In-reply-to: <A7F5D9CF-A792-49D3-A38E-0B5921DB714E@to-surf-and-protect.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <29C226AA-5F22-423D-8905-C377BD276F5F@to-surf-and-protect.net> <0291B847-C317-4BC6-B464-3DCA7162D9DD@quintex.com> <20200825192017.GG4255@moria.seul.org> <4cb22fca-0d5c-b11b-3bf7-7e038c071fc6@gmx.de> <A7F5D9CF-A792-49D3-A38E-0B5921DB714E@to-surf-and-protect.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, August 25, 2020 2:47 PM, niftybunny <abuse-contact@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> I got 47 Abuse-Emails while being DDOSed today. Thats in my normal range. Normally when there is
> a bigger bot net scanning port 22 etc I will get over 1000+ abuse mails a day. Could be they are
> scanning ranges that doesn't produce abuse mails or they do something otherwise fishy. No clue
> right now. With over 1 million extra sockets alone on my servers I am sure he/she/it has some
> beefy hardware.

I think I'm getting hit, too.  I can't SSH into Parker anymore, even after a hard reboot.  I can still communicate with Systembot normally, though.  He might be out of available network sockets for sshd to respond to connection attempts.  I'm considering blowing away the node and building a new one.

I seem to recall something about an attacker DDoSing individual Tor nodes to help isolate where a given hidden service is running.  Could this be a manifestation of that attack?

The Doctor [412/724/301/703/415/510]
WWW: https://drwho.virtadpt.net/
The old world is dying, and the new world struggles to be born. Now is the time of monsters.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] anyone else with this issue?
  - From: niftybunny
- Re: [tor-relays] anyone else with this issue?
  - From: John Ricketts
- Re: [tor-relays] anyone else with this issue?
  - From: Roger Dingledine
- Re: [tor-relays] anyone else with this issue?
  - From: Toralf Förster
- Re: [tor-relays] anyone else with this issue?
  - From: niftybunny

Prev by Author: Re: [tor-relays] Guard flag got removed after only 48 hours of downtime.
Next by Author: Re: [tor-relays] How many threads needed for unbound at a fast relay?
Previous by thread: Re: [tor-relays] anyone else with this issue?
Next by thread: Re: [tor-relays] anyone else with this issue?
Index(es):
- Author
- Thread