[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DDOS?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DDOS?
From: Matthew Finkel <matthew.finkel@xxxxxxxxx>
Date: Sat, 29 Dec 2012 21:44:35 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 29 Dec 2012 21:49:30 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=gOEdr1N5eOGpXiOlfYIRPuZgycfKOj19YAia+GG8YcY=; b=QWhI+ONNV8HkPliAWt/ia1Zn8yFWIGiXkp4J2vEtn7keziUnl2jg67or70KiYggKX/ +qXb0lvRJuLSpgRyO+NhGwq2jGA+MAsCu1xgo0V6Z3VVFBQQbsUkSwV9lzk9XmhYt7lw 1ZV7Zve3kIbwPIRaj+hofCEbO3lS6mrDyN4YhYzBbNM4MMNWZ52WKuQVm/058DarOGvp coKWfu9P8DkqI7NLrdG3QjRZfn2V5avzWY1eMhSNKEKfcTo5Q9o9RaqWwMpLl+FBSYNr Kzpj8tchJFPJNd6niJLo5oQZCrLVwYe90hZGBXXKqz8zmmDaGm5pmRqgXh8TSo+toNU2 Oo+w==
In-reply-to: <20121229234429.3afe9258@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20121229220759.014531f4@xxxxxxxxxxxxxxx> <20121229234429.3afe9258@xxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

On Sat, Dec 29, 2012 at 11:44:29PM +0000, mick wrote:
> On Sat, 29 Dec 2012 22:07:59 +0000
> mick <mbm@xxxxxxxxxx> allegedly wrote:
> > 
> > I shut tor down while I investigated and when running nethogs I
> > noticed a shed load of attempted connections to my tor port (443) from
> > non-tor addresses. A snapshot is at
> > http://rlogin.net/tor/incoming.png 
> > 
> > Anyone else seeing anything similar? I can't believe I'm the only node
> > being poked.
> 
> On further investigation, I think many of those addresses are likely
> to be tor related, possibly clients attempting to join tor through my
> node.
> 
> How long does it take from the time a node is shut down to the point
> where no-one will attempt to connect through it? 
> 
> Mick

Hi Mick,

Technically clients will attempt to use your node until the majority of
the directory authorities agree your node is no longer reachable (should not
take more than a little over 1 hour, assuming I understand the code
correctly) plus 3 hours (a client considers a consensus valid for at most 3
hours), so roughly 4 hours. However, because some clients have incorrectly
set clocks, connections will most likely trickle in past this point. I
think after 5 hours no valid clients should still try to connect.

HTH,
Matt
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DDOS?
  - From: mick

References:
- [tor-relays] DDOS?
  - From: mick
- Re: [tor-relays] DDOS?
  - From: mick

Prev by Author: Re: [tor-relays] Complaint about spam originating from my server
Next by Author: [tor-relays] DDOS?
Previous by thread: Re: [tor-relays] DDOS?
Next by thread: Re: [tor-relays] DDOS?
Index(es):
- Author
- Thread