[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: another seeming attack on my server's DirPort
On Wed, 19 Dec 2007 09:55:41 +0100 (CET) "Marco Bonetti"
<marco.bonetti@xxxxxxxxxxxx> wrote:
>On Wed, December 19, 2007 09:46, Scott Bennett wrote:
>> we need to think up an automated way to deny directory service to
>> abusers in order to put a stop to such activity.
>you could try rate limiting the connections or adapting mine or perry's
>script to your needs.
>
Well, you seem to be getting ahead of things here, which would have
been more apparent if you hadn't deleted all the context. I would like
to know first before worrying about automating a remedy whether anyone
else is experiencing the same problem. If my tor server is the only one
being attacked, then the problem may not rise to the necessity of an
automated solution. If anyone else is seeing this problem, please let
us know.
Also, you didn't identify the scripts to which you refer clearly
enough that I have any idea what they might be. What do they do? Where
can they be found?
Up till now, I've only added two filter rules on the router to block
anything from the two offending /24 nets from getting into my LAN. Keeps
the LAN traffic down, as well as the outbound link traffic. Very simple,
no checking of protocol, port, or destination IP address required, etc.
But it does require my presence to notice something fishy going on, check
it out more carefully, and then add a filter rule.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************