[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
From: Porcelain Mouse <porcelain_mouse@xxxxxxxxxxx>
Date: Wed, 18 Sep 2019 20:46:53 -0700 (PDT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Sep 2019 00:40:56 -0400
In-reply-to: <20190918191100.ha6iov5jeot67dop@nymity.ch>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <nycvar.YSQ.7.76.44444.813.1909161208360.10706@ybpnyubfg> <20190918191100.ha6iov5jeot67dop@nymity.ch>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Alpine 2.21.99999 (LFD 368 2019-09-06)

On Wed, 18 Sep 2019 12:11, Philipp Winter wrote:

On Mon, Sep 16, 2019 at 12:25:03PM -0700, Porcelain Mouse wrote:
1) Can we be pretty sure the bulk of this sudden increase in users isabuse traffic? If not, is this a problem?
Are most of your new clients from Iran? We believe that some popularthird-party software started using our bridges, causing these spikes.

Funny story...my ISP forced an IP changed on me yesterday. Now I'm notgetting any traffic at all. From a recent thread on this list, Iunderstand that it could take a while to get back to normal. But, in anycase, I cannot check, now. I'll keep that in mind, though, if I getblasted again.

>> 2)What should I do about it, if anything?
There's not much to do at this point. If this is becoming a burden foryour bridge, you could change its port(s), which may get rid of thesethird-party users -- at least temporarily.

Okay, thanks for that suggestion. I will keep that in my bag of tricksfor the future. I didn't know that could slow down attacks.

3) Would using obfuscation help this problem?
I'm not sure what protocols this third-party software uses. Sinceyou're asking, I assume your bridge only runs vanilla Tor?

I run RPM-base distro and would prefer to stick with packages I can geteasily. But, I could build tor for myself, if it came to that. I wasspecifically thinking of obsf4 when I asked this question, but I onlylooked into it, briefly, and don't know exactly how it works. I seemslike it answers connections for tor, ala inetd and tcp wrappers, and youcan just add it to your torrc. Is that not right? Anyway, I guess itdoesn't matter, the issue has passed. I just saw your call for obsf4 andcouldn't figure out what it does that is useful to the project. I want mynode to be useful.


P.S. Sorry about misspelling your name.

--
PMouse
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
  - From: Philipp Winter

References:
- [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
  - From: Porcelain Mouse
- Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
  - From: Philipp Winter

Prev by Author: Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
Next by Author: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
Previous by thread: Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
Next by thread: Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31
Index(es):
- Author
- Thread