[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] drop in bandwith - because of fail2ban rule?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] drop in bandwith - because of fail2ban rule?
From: tor@xxxxxxxxxxxxxx
Date: Mon, 23 Feb 2015 18:13:09 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 23 Feb 2015 12:13:52 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Mail-reply-to: tor@xxxxxxxxxxxxxx
Organization: tor@xxxxxxxxxxxxxx
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.5

hi

i am wondering , because i constantly becoming less and less traffic /or given Bandwidth for a Tor exit relay with a bunch of flags ..the exit is on a debian, vserver with quit a lot of machine powerbehind,has it own IPv4 and there is also enough bandwidth (i checked thisregulary with speedtests or fake downloads of whatever distros)

https://atlas.torproject.org/#details/2AC2306BD625A9DD75532886842C268C3CDBBC9C

i didnt change anything in configuration, beside one small thing

after getting dozens of apache errorcode 504 port 80 and 443 to theTor-IPv4.. and so i startet to make a fail2ban rule,because this doesnt make sense, also this comes often from a variety aofIPv4 en block from russia, china, korea (mostly) - so i optet forfail2ban more than ignoring these errors.

This is the only thing i could imagine which connects to the networkdrop (ok some internet police whitehat watchers argue there is badtraffic here and than .. but this is "normal" i guessed for tor-exit)So i turned my rule of some 2-3 days, to see if this makes the drop inbandwidth - no effect. So i restartet back the fail2ban rule.

So my question - tor hides in port 80 / 443 traffic - is this what imistakingly block / or interfere .. or how this drop from near 14 Mb to1,9 Mb is explainable? (while normal traffic on server goes well)


thx, viisauksena


(for completeness example of logoutput and fail2ban-regex )
# basicly i want to stop these lines

# default-178_254_XXXXXX:443 104.245.96.249 - - [10/Feb/2015:16:52:07+0100] "GET /" 400 549 "-" "-"


[Definition]
failregex = [^ ]+ <HOST>.*"GET /" 400 5[0-9][0-9]


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] "Very Safe" Exit Policy
Next by Author: Re: [tor-relays] Changes in network traffic pattern
Previous by thread: Re: [tor-relays] multi tor instance support for startup scripts
Next by thread: [tor-relays] Relay Node not acquiring Guard Flag.
Index(es):
- Author
- Thread