[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] handle malicous IPv6 systems abusing the /64 hostmask

To: "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] handle malicous IPv6 systems abusing the /64 hostmask
From: Toralf Förster via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 15 Feb 2026 11:07:49 +0100
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
Reply-to: Toralf Förster <toralf.foerster@xxxxxx>
Ui-outboundreport: notjunk:1;M01:P0:O53iDmbN9g0=;AXLf8IzeyJbIjt2C3XRhKkb2+CQ kiN+5VQw3VriuuC538CV5jrdTROD1vr5qbQoadJZOHSuHpKIdSslj7WvjGwhXXB4dFjeJXZEK +Na1Jw9ii1FGTINE6c24nSrJYL/WBhJzf6myp6uY4OsRNzlfoYFr4SlpCQpuZtvFXg8fH7U+0 8catlTx5vkjypNO0nXBSnQevLoHYP9sCa4RpJyr2auxEjYbPJXc83+IEGHjHrEVX+QaSAaI0K TUgnBg677ceWNTJlkYPDl47D4kvkqSuK0OmsWl8Htb3vHatuGpamOWxJYbcPk5QBMeikdP5dd e6msuzTQJpGcSFCQVXDLsI9r4cqyDa1zo1eyoDzl9jTm2UCb72hlwNV6BkVfruagylYw5d5Mp t8NLn1DlDSrWCxTWt6XMBT92d/ynYEyIZAzMe20UhE2zP5ClOM5eZzWkejRkMFOJz46DOJ9qi 6AffUy+bmtgz179Z7aBJtuqR641waydkwznf+0AN02znqhQUd/a3YYX0I3E4DIIuwIel4369T I7WM5H4gNgmY493L1QBoaMaSytZI+p3APUUKIQzNxl/9dv08xkan6vdbStw+mmG7nGlTjPDHs 6NM02sAhVD/h/bbWNcQQcBdupMfQBOYtTtbyX404DM38xW0WP7DV/nXkgjTsJW37RK0ZHNhja YybvjsYt3eDDQFL0tRxAqednH7959MfH1PrPKuug2u30930E709iHN4Mi4K+2HilUCVc3g3Sl N/QB3hemj569EXpHcGLhVxuC786PFxKXSbbylJeum6fHRqXoGtUOegGEzmCtZRodZJi1soosZ G8VuEndalDoaWzP4g1T1t7k+wnjdLHhc6jeXpXl5t6nRZtgwXG9UX9EmwelqQmfy7ZLKRxTcb ebR+E0yUCrfVFx4DxzGAXErLIf/zut4++sKF4NzwKBW6y0LFA+XstIMYmSqY43R/lFCBz+Pkq vqXNipwCcr4aIeVLPFlzK9qJfMSfgcysxp9xEJLaLs5rWzY5IX8Ov10gvsObtgg6wfWmYj+Tc z6Ayed1JtxZIrVKQiyCjA6LW4bhEvXGRRlv9LurNk1LTjMbpJTtGKLoXU2zfWb8MB2VIfoyJ8 srJxgt5GehfCF/pOUaBVhPhUkiu6SPBmUXmL5EE7r74g/u2QVC6YNtt6W4dAnd0ihAguyYMTO IWm69Khf7++eGUZga1U1gKCw8Yvkp75rbke2gRvMUTxvKMeEavJi37xmvrNhBZGYuiXBRTvKr 3Yd/ElB5oyMT9I85UBQn7nz7m0R+4g40+zfG7zx67tMA67cJ5pwjeK5eB7mE9YqqrCFhwOcu/ NN1avlcp5uOW26gKa4+LdiGH6A+Y8FgTExVyjArlcAGTwCACzn6R7HgeiE/PklJcdDjFfweKy r6bquwMNNMoKNIFs6oC7jV0XuLLoPxOAkoRnsSH3ays51TvH+gq8I1BLeTBu00yLV87EKBQsK EwO4haHcggYHK/FwxiRJqNxzPR439IECJRpj/FYCJ1BHG7yRrlGL/+9lMD/WbBua09NG0xcmd 9QG/sPXg9jK4yVJPIEUX3qBIo6FqDSg2oRiU/piwg69YxiX6Z8ICUy1wWN5EbRMjscrq8YQ41 +ZaUm/adMj2rcBmjYnB2uXQP5an6OMvTlACN4DL8OxD7QNG7XHao+Rk3c04uKe2GIPz9WnJvF NeGacyfTa+w3WKFvnluhTouKvC/f6f3hlBW+i1gCsS73uentjI4OG0ob46Y2RVR1mYsw7Kg+3 dpi0KdfO5ihMS+cHvLXa/AzzGjexAgi/lUahtYP2XSApBlG+Oc+/TWAikz+Snlgig8384JnKf oLYJyfndOtfoepcUM4kWKkUZj3Zg0YSnI+b6jlRLDTXHDTvmna5hf6DAxpWxLVwr1covrIg7j tGcglRQJC87d0o8USMc/5BTzVKThAATe6rmvgeM439ne3TQWArTgk5n4F1PI7dCrm/yDINRxl uJ88L2gXvUGMd1I/fOFf7jPHENgXDx8qGCtzsRgwnyKmIPRKSNQOrvdw0pCi1Ct3Tp3xnZcEK 3ikjHxVWGiCgiATf5KeJFggrYGuW2ESmpYhzmMppkX6LXnLJBf7QCjphgO4ydsjF+GqZZV0uB V/IBWJHbDp7cW4K6woo00FZtzCkAVnZux17Z8DjkDFt8cY9BRrdNT/b2mC4sGB9q5u6kxEiWh rWhIUxswUBV4HGF5YPSV2JrOmQk73/tNKCIvLlqdkov9rj+h7OnWqCdOvsXETznlMIxQ/lZwW vLQ8qgvTInOFkLwD1LCNRkzS+1pFBCBsXdwvhgoNfXDDl0TPJ2rNQ+fiT2suabmPIZ+z579kw V3/A2gfYD9WInmzsQQS1l+EJbI8RiEtaLmLfkoYsBUsLR8cRw2oiGvZUVLas9/9VLnTDhlkLT wyqLJJIqZA4ipqUWardgiA4rS9OGmwUKai0rpfT1/YTIRCqOM6F+iMjQz+rwpPVOUBK2F1mhl Zpl/k4NQyTQGJAeFuvSUclEwNsznGS+GIs/xBDXOpPs2LoCXq9MgmiFd34d2UtDx5g+Cb/u33 sbKQD48txsJstE4FvoS87r1nNqwgOULc/2zE1Ry04EOXPJS9qyx0mzOQMEezzw/RF5nHS9jrc ytCY1myCbDZJ6gX1rpJNlReoRjW9DFhnnFyku9dB8hL/n12ANzOkilA0bvzMzXIpJcPfWHC1j 3ozpg1M81pPcx2dzrZYUFgvPmMQFBSdu1/JnH160uQMS8dFfwQnNNgk5iKHASrFXrPB+AIQL5 Bg+deym+KVYhyQmE7fDAdUhdP7omJbj4rRbeI5nHTJNex0eAeJrki5zUZ3iAcKPgUjJrUOTka /p9oenfZkxfIGOgNOXdKxNc/rStBVAxN7fTQjFdj2t+OxaWM+zAz4UJiPAPKVEKaGjSDHG5MB /L/U+/VrVjMpXIJLlU1x5eyykY3hokprzf4/PvryEQNbBFFAUFvysB5vrE+JVvg+jigPMaO5L z0rGtCJbOx9Wn6oo1axJZHcla1J8VYqYNGFUjLuDuiPKsiPPcvHX6GNS+4H6TFJZQnc4xABqJ Psw5FCUcR+cUADRSMkz8M7/gooGKq1bqQf08vNpW7GQw3hGUUgPsx5n+cQHJaOEwQeXzJkKOR cCCXhZh5WFPpLYjmZVBmoYTTPIwscqdJLsyt0LpMG6T9AnIngYONwacwBSkqI0iVHbqoJjYI8 QcjfXhhJ4KYN5r4GNsOy+kLXa99f5LMHzsCn6c8CA9HiyltCQwg3R6b1KKpnF0GrjNLEXJzQl RNNxHhic3Z8SL3CfkilaIqA1HKwF6bF54Vng8iCKijv9B9xcjTLL57XBT3VVB+UWDg8M1D+5j eldfpXwwGTm5ajcSx4srNd93aVlba8jvJeZF6nGz3EJrGXyeLJJNwKqvtK5tDleqkA045/pPi bpi6sy2HhRbUWAV4QAeE6S4ORBaIruGX6o6vJzd4O46zDtSbHZAz0fV58gJRjx3wGKb0MXkQt aTT7NILWERJNPkvAtFfRR3Vv/uZKu711mdcIKSJu7lr6q3zCqsCAp8DRq9hoNI7u3lL6vG4nG pwB5/UbvEKDNncF8frF0rulooZMCIchkjZfrV1Bv9Buswo8/QZMmg6zQ9umroD69RVQYDIkcc RHLG0/U92hU+TwLnz1IIwR+iZhKrxCjGwYlmkInEBixOgrma1RqgMCWB90qN+0gsinVopNRjW H6iLfuSVi2hrKdS26yQgxco94YnpS5AxGsGNyhtsYBQmu6pU6feqcya0MR4VdJgmPTwVopKka 3nx8d9AFeBvbGhw7JQ/H6OgzWGbEClTon9cE9PTJMsmzpztOq2lG4OxcB35Q3vvJdurZAz7Zn c8BpmNXhyd7JZC0Gzg6Anm5wjpvnxZt1VUJJbxWh0OwyKbi6Daj9RN55mo+lIJWQyXT/dW9au T1hZDdf6SAbJWiVot0QwT6NvW9TZzBbL2sPp01tI/vFOA5I8TBNhohFsoRzCsKXUx3NI7Gd5T XShbRVHtLduIpORTfGTI+s0YN2GwQxjPfj0LVOtdFJoG3dDXwaPOAZonyo2kswvl0ihy5ANTL e6buHUP36GcJezKA94WaMpyoOLP8/eNxLJ3Ir2ID20O3Vt3MOYXCkKsMxVgSUPcvsfrr1Jf6W pXKl33ZWY6XrHHHGW7wDYF/xdoSoBPTkNEzhRjF4xreK0q3QxYqdV78KM9SYiP9pkz/za+lNh mraWiJq9BsxY5trBsQM3XEvcWNeO5KSc+1+Rr226WPt5PRbDOZ0mgoARTSRx7bq/8BrYNgw/5 8u1xalxvQg/4ReOADsMUHVcQ9KYIteZl9Ie/fv19hybd6sGCRp7x5h1qtqzvR0aox8iFseHQY AEiR3zXWJbHUybmoMvyIwKwwyJY0yJARE1BY6maJJFucV1XcdLqKP+3CxAmDCKZHmvxXGyuqJ yn90VLX3kD7ICPfouUHwRBJFvU8Yjbs18BUKRNmew0aQgfecmthjDIlZb1nW0668JcWtljDcU QtQ65NEtUAQ/Z2oeAjImziCGkXuMwkFjd9ztpBJ6YkBzmFxyE5QwSizF93lxx4AkMDUG5gcOi G+4jIC5ud6J4rRJ5TThbgs5u3+JGNVjh7idCsVm02hey1jpg6YQQP6J8DbaO4LITQHqxjYF4w GkdZAahjhc8DuEvCEFm/VA42jQGteAFteJ3N6yTI+iODfZSl/ne74L+tWZGst49oB5plYb6lK e6/91UIm5QZBUx+B3KJ/1w23lU1r+gYrczcu3rIlzWxwMKpqmdFOVEeb1dvbOrNKG+UXRYzlB dtI2PvR7Q1l2vh4Wz0dgansksOKoZVeG6B13y6yQFu7u5VuUKVeSwkipeaWD2uwXQp9r/dS57 V/6aKKrc9gfjdk/dty2037x/hiEHwtNKgBRcRlRhfnh8LHD4JZ8IU46wNHJiKd/C7VUztw6K+ 1rnq8OT+nsrXQYrTK93+hFk+3i0271nKA8FT55DushTdeSzu4tyDP2d0MOLoXqYm+0AXxsuEI GkdhDELWBb9ZydnbjyjQhFm1noRFCR1tqL37eVk5S/iNHG/efMkXoWoq+077q7E+gkVkWerKV gdYLW1Z45647IdgI1Ppl9tafm/oEQ64ZbzNeayqfn2B+Jx8vTXqqmOF3Xsqxaib+EMMueE9Wv A7edirgsYFiWTLLao=
User-agent: Mozilla Thunderbird

I extended my DDoS solution [1] by blocking systems where malicousconnections attempts where observed from up to 256 IPv6 addresses of thesame /64 block within 24 hours from hosters providing /64 hostmasks.

For now it is rather a quirk than a generic solution.
But it works well.

And it extends the solution to accept now manual block requests like

    ipset add tor-ddos6-5443 <IPv6 address> -exist

[1] https://github.com/toralf/torutils?tab=readme-ov-file#details

--
Toralf

_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- [tor-relays] Re: handle malicous IPv6 systems abusing the /64 hostmask
  - From: Marco Moock via tor-relays

Prev by Author: [tor-relays] Re: handle malicous IPv6 systems abusing the /64 hostmask
Next by Author: [tor-relays] Re: IPV6 Reachable ?
Previous by thread: [tor-relays] Re: Programmatically determine if a relay is hibernating
Next by thread: [tor-relays] Re: handle malicous IPv6 systems abusing the /64 hostmask
Index(es):
- Author
- Thread