[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS from my tor guard VPS

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS from my tor guard VPS
From: Pascal Terjan <pterjan@xxxxxxxxx>
Date: Tue, 15 Nov 2016 20:57:51 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 Nov 2016 15:58:19 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=iQkoo5xIWVgZ+pIrheWdhZM2ejFr+XjbrsnA6hrWO6U=; b=K6F7F4YYbmCuuQcUscn15bLMrL83ACbQQrrXfrjroWXwlKzZdc0MPh+cKocnDNoCKt /DAz8gnaJt1EPGLjWg+UZZ3mTmfTSsyZjrR6Ehm/BV4McJA9djTFnIEFmttuCwvkla++ D8c1N0UElGbtKpSAzs+84DhZ9FpHuzRdnTbJR2CPMtJvcciIHQle4hRlFDQxM58wf+8q XUzR5IXT8rPtktc0S8PDpnUS1JxVfaPlJhTb9vSYABZY+zErVykqOH6q+0aCk6qoWPFu rFlZOGKdP6Hy/61Nao0H5hSYiJfB1sQ8U3sb9nDPojiqH61KLmcmZRf0rczE/WE0Ifje 6qDg==
In-reply-to: <c17f29f8-a02c-da6f-2a2e-0336d6745660@cni.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <c17f29f8-a02c-da6f-2a2e-0336d6745660@cni.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 15 November 2016 at 20:41, Arisbe <arisbe@xxxxxxx> wrote:
> One of my tor guard relays is a medium size VPS operating in the Czech
> Republic.  It's been up and stable for several years.  Several weeks ago I
> was notified that my VPS was a source of UDP DoS traffic.  It was shut down.
> Logs showed no intrusions.
>
> I installed a different instance of linux, changed my SSH port, added
> fail2ban and even installed clamav.  I did not make changes to the tor exit
> policy.  Then, this week I received the following:
>
> "Hello,
> surveillance system detected a disproportionate outgoing DoS traffic on your
> VPS torexitcz and then our network under a DDoS attack. Your server
> torexitcz has been stopped. This is another problem with your VPS. Your
> service will be terminated.
> Thanks for understanding."
>
> Can anyone offer an opinion as to how my relay was used for DoS? How can I
> avoid this in the future?  My goal, as always is to provide stable nodes to
> the tor network while protecting myself and my VPS supplier.
>
> 4061C553CA88021B8302F0814365070AAE617270
> 185.100.85.101

Your relay allows exit, and based on the name that seems intentional
If you don't want it to possibly be used for attacks, you should not run an exit
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoS from my tor guard VPS
  - From: teor

References:
- [tor-relays] DoS from my tor guard VPS
  - From: Arisbe

Prev by Author: Re: [tor-relays] Blocking PSN
Next by Author: [tor-relays] Stats not updated for several days?
Previous by thread: [tor-relays] DoS from my tor guard VPS
Next by thread: Re: [tor-relays] DoS from my tor guard VPS
Index(es):
- Author
- Thread