[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] DoS from my tor guard VPS

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] DoS from my tor guard VPS
From: Arisbe <arisbe@xxxxxxx>
Date: Tue, 15 Nov 2016 12:41:09 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 Nov 2016 15:45:14 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

One of my tor guard relays is a medium size VPS operating in the CzechRepublic. It's been up and stable for several years. Several weeks agoI was notified that my VPS was a source of UDP DoS traffic. It was shutdown. Logs showed no intrusions.

I installed a different instance of linux, changed my SSH port, addedfail2ban and even installed clamav. I did not make changes to the torexit policy. Then, this week I received the following:


"Hello,

surveillance system detected a disproportionate outgoing DoS traffic onyour VPS torexitcz and then our network under a DDoS attack. Your servertorexitcz has been stopped. This is another problem with your VPS. Yourservice will be terminated.

Thanks for understanding."

Can anyone offer an opinion as to how my relay was used for DoS? How canI avoid this in the future? My goal, as always is to provide stablenodes to the tor network while protecting myself and my VPS supplier.


4061C553CA88021B8302F0814365070AAE617270
185.100.85.101


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoS from my tor guard VPS
  - From: Toralf Förster
- Re: [tor-relays] DoS from my tor guard VPS
  - From: Pascal Terjan
- Re: [tor-relays] DoS from my tor guard VPS
  - From: tor-admin

Prev by Author: [tor-relays] proper way to insert PGP key in torrc?
Next by Author: Re: [tor-relays] Problem with sendmail on relay
Previous by thread: Re: [tor-relays] obfs4 - how to from source
Next by thread: Re: [tor-relays] DoS from my tor guard VPS
Index(es):
- Author
- Thread