Re: another seeming attack on my server's DirPort
On Wed, Dec 19, 2007 at 02:46:04AM -0600, Scott Bennett wrote:
> A little while ago, I added another filter rule to the router here to
> stop an apparently endless, rapid-fire series of directory requests hitting
> my tor server's DirPort from 125.35.9.66, which appears to be in China. The
> last time I reported this type of thing, you may recall, it came from a site
> in Italy. The symptom, like the last time, was that output rate on my
> machine's main Ethernet interface was running steadily around the transmit
> rate limit imposed by my ADSL line. dig(1) shows:
Hi Scott,
Can you check what's being repeatedly fetched?
One way to do this is to run at loglevel debug briefly, and look for
log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);
My first guess is that it's a runaway Tor client, or a runaway cache
between the Tor client and you, rather than any intentionally abusive
behavior. (It's amazing what can go wrong on the Internet when you have
enough participants.)
Thanks,
--Roger
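
Added example, not part of the message above or of the Tor source: a shell filter that tallies which URLs appear in the `rewritten url as '...'` debug lines, so that one resource being fetched over and over stands out. The sample log lines, their timestamp and prefix layout, and the URL paths are constructed for illustration; only the message text comes from the `log_debug` call quoted above.

```sh
#!/bin/sh
# Tally the URLs found in Tor debug-log lines of the form
#   ... rewritten url as '<url>'.
# Reads log text on stdin; prints "count url", most frequent first.
tally_rewritten_urls() {
    # Keep only the URL between the quotes, dropping every other log line.
    sed -n "s/.*rewritten url as '\(.*\)'\.\$/\1/p" |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2}'    # normalise the padding uniq -c adds
}

# Constructed sample input (not taken from a real server log).
sample_log() {
    cat <<'EOF'
Dec 19 03:10:01.101 [debug] example_fn(): rewritten url as '/tor/EXAMPLE-A.z'.
Dec 19 03:10:01.350 [debug] example_fn(): some unrelated debug message
Dec 19 03:10:01.602 [debug] example_fn(): rewritten url as '/tor/EXAMPLE-A.z'.
Dec 19 03:10:02.004 [debug] example_fn(): rewritten url as '/tor/EXAMPLE-B.z'.
Dec 19 03:10:02.410 [debug] example_fn(): rewritten url as '/tor/EXAMPLE-A.z'.
EOF
}

# Demonstration on the sample; on a real server, feed the debug log instead:
#   tally_rewritten_urls < /path/to/debug.log
sample_log | tally_rewritten_urls
```

A short debug capture is enough; a single URL dominating the tally is consistent with a looping client or cache re-requesting the same document.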