[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another seeming attack on my server's DirPort



On Wed, Dec 19, 2007 at 02:46:04AM -0600, Scott Bennett wrote:
>      A little while ago, I added another filter rule to the router here to
> stop an apparently endless, rapid-fire series of directory requests hitting
> my tor server's DirPort from 125.35.9.66, which appears to be in China.  The
> last time I reported this type of thing, you may recall, it came from a site
> in Italy.  The symptom, like the last time, was that output rate on my
> machine's main Ethernet interface was running steadily around the transmit
> rate limit imposed by my ADSL line.  dig(1) shows:

Hi Scott,

Can you check what's being repeatedly fetched?

One way to do this is to run at loglevel debug briefly, and look for

  log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);

My first guess is that it's a runaway Tor client, or a runaway cache
between the Tor client and you, rather than any intentionally abusive
behavior. (It's amazing what can go wrong on the Internet when you have
enough participants.)

Thanks,
--Roger