[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Recent wave of abuse on Tor guards

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Recent wave of abuse on Tor guards
From: niftybunny <abuse@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Dec 2017 08:25:00 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Dec 2017 02:25:28 -0500
In-reply-to: <CB75BF06-8B6F-401A-811C-25A4C3195624@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <8f01df569672b279b6951fe63992744e@wardsback.org> <20171221194246.5c635ec2.mbm@rlogin.net> <5A3C2393.5090005@quantentunnel.de> <20171221230855.GD5371@moria.seul.org> <CB75BF06-8B6F-401A-811C-25A4C3195624@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Still under heavy attack even with the MaxMemInQueues and 0.3.2.8-rc. I need 2 xeons to push 30 mbit as a guard/middle …

Markus

On 22. Dec 2017, at 00:25, teor <teor2345@xxxxxxxxx> wrote:

On 22 Dec 2017, at 10:08, Roger Dingledine <arma@xxxxxxx> wrote:

(Connection refused; CONNECTREFUSED; count 18; recommendation warn;
host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)

So - I get loads of CONNECTREFUSED whilst coming up (presumably because
of the attack) and then come fully back online.

IMO your tor searches for guards and they are under load, gone or lost
their guard flag. Finally you found a guard :)

Yes, I agree. (Though if they were gone or lost their guard flag,

Gone, yes.

But don't client circuits try previously selected guards, even if they don't
have the guard flag right now?
(I know we don't re-weight guards as new consensuses arrive. I don't know
if we ignore them once they lose the guard flag.)

you
would not have tried them and gotten a CONNECTREFUSED. So I think they
are all suffering from the "under load" case. Gosh.)

Yes, this is probably a lack of file descriptors, and new connections are
punished more severely than existing ones.
T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: Felix

References:
- [tor-relays] Recent wave of abuse on Tor guards
  - From: fcornu
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: mick
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: Felix
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: Roger Dingledine
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: teor

Prev by Author: Re: [tor-relays] Recent wave of abuse on Tor guards
Next by Author: Re: [tor-relays] Recent wave of abuse on Tor guards
Previous by thread: Re: [tor-relays] Recent wave of abuse on Tor guards
Next by thread: Re: [tor-relays] Recent wave of abuse on Tor guards
Index(es):
- Author
- Thread