[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: another seeming attack on my server's DirPort
On Wed, 19 Dec 2007 10:46:56 -0500 Roger Dingledine <arma@xxxxxxx> wrote:
>On Wed, Dec 19, 2007 at 02:46:04AM -0600, Scott Bennett wrote:
>> A little while ago, I added another filter rule to the router here to
>> stop an apparently endless, rapid-fire series of directory requests hitting
>> my tor server's DirPort from 125.35.9.66, which appears to be in China. The
>> last time I reported this type of thing, you may recall, it came from a site
>> in Italy. The symptom, like the last time, was that output rate on my
>> machine's main Ethernet interface was running steadily around the transmit
>> rate limit imposed by my ADSL line. dig(1) shows:
>
>Hi Scott,
>
>Can you check what's being repeatedly fetched?
>
>One way to do this is to run at loglevel debug briefly, and look for
>
> log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);
>
>My first guess is that it's a runaway Tor client, or a runaway cache
>between the Tor client and you, rather than any intentionally abusive
>behavior. (It's amazing what can go wrong on the Internet when you have
>enough participants.)
>
Sure. I'll do that the next time I see it happening. Meanwhile, though,
I'm leaving the blocking rules in effect for the two offenders I've already
encountered.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************