
Re: [tor-relays] Possible DDoS



Hi,

My advice is to try to ask them if they are OK to give you a second chance to keep your relay running. Tell them that if such a big attack happens again, you will shut it down and you won't disturb them anymore with it.

Also, a "Good Point" to get, if it's not already done: set your reverse DNS to something that hackers will instantly recognize (torproxy.something.readme ...). It reduces the risk of DDoS problems (those who drive DDoS attacks often know what Tor is; maybe some of them are using it every day). Tell your ISP if you do so, in order to tell them that you improved something to reduce the risk of it happening again.

On one of my relays, enabling that after months without made a very, very big difference (several DDoS per month -> nothing now).

If your relay has been running for several months now without any problem, and if most of the DDoS attacks should be smaller than the one you got, maybe they can be OK with a second chance!

Good luck ;)




----- Original Message -----
From: "Christian Burkert" <post@xxxxxxxxxxx>
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sent: Friday 26 December 2014 12:32:19
Subject: [tor-relays] Possible DDoS


Hi *,

I've been running a non-exit Tor node for a few months now on a virtual server
hosted in a professional datacenter.

That's the node:
https://globe.torproject.org/#/relay/4C246EA9C950B872FD77F761CEAAB41D93D9764D

Yesterday, December 25th, the support wrote me that my server is
under a DDoS attack with 2GBit/s lasting more than two hours. So,
the hoster black holed my traffic to protect the other customers.

The hoster wanted to know which services I'm running and told me that
if I continue running Tor and further attacks happen, then I
would have to bear the costs.
Eventually, I took down the Tor node to avoid further confrontation.

Now I seek your interpretation of this event:
- Have there been more recent incidents against Tor nodes?
- How can I investigate it?
- How should one react to a hoster? I mean they could have made up the
whole thing...

Looking forward to your comments
Chris
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays