Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)



On 06/11/13 06:09, Andreas Krey wrote:
> On Tue, 05 Nov 2013 14:09:40 +0000, Thomas Hand wrote:
> ...
>> Also, use iptables! If it is a dedicated VPS then drop anything you don't
>> recognize,
> 
> What for? The ports that you want to block are rejected by the kernel
> anyway, as there is no one listening. (The minor added protection that
> malware needs to be root to disable iptables and effectively listen -
> is that worth the work?)

Dropping bad requests will reduce your bandwidth usage through not
having to send TCP RST responses, and will also increase the workload of
the attacker as they'll have to wait for a timeout on each connection.

I wouldn't recommend dropping everything, though, as it makes
troubleshooting very difficult - just drop connections to ports which
get attacked.

-Kevin
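
Added example, not part of the original message: a dry-run shell helper that prints iptables DROP rules for only the ports under attack, the approach suggested in the reply above, and refuses to drop the relay's own ports. Port 9050 comes from the thread subject; the function names and the ORPort/DirPort values 9001 and 9030 are assumptions.

```shell
#!/bin/sh
# Added example: print (dry run) iptables rules that DROP only attacked ports.
# Every other closed port keeps the kernel's normal TCP RST reply.
# Assumed values: ORPort 9001 and DirPort 9030; helper names are hypothetical.
PROTECTED="9001 9030"   # ports the relay must keep reachable

# valid_port PORT: succeeds only for an integer in 1..65535, no leading zero
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;   # empty, non-digit, 0-prefixed, too long
    esac
    [ "$1" -le 65535 ]
}

# drop_rules PORT...: prints one rule per accepted port; returns 1 if any
# port was skipped as invalid or protected.
drop_rules() {
    rc=0
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "skip: '$port' is not a valid TCP port" >&2
            rc=1
            continue
        fi
        for keep in $PROTECTED; do
            if [ "$port" = "$keep" ]; then
                echo "skip: $port is a relay port, not dropping it" >&2
                rc=1
                continue 2
            fi
        done
        # "! -i lo" leaves loopback alone, so a local service bound to
        # 127.0.0.1 on this port keeps working. DROP sends no reply, so the
        # remote side waits for its own timeout instead of receiving a RST.
        echo "iptables -A INPUT ! -i lo -p tcp --dport $port -j DROP"
    done
    return "$rc"
}

# Review the printed rules, then run them as root to apply.
drop_rules 9050
```
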