[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another seeming attack on my server's DirPort



     On Wed, 19 Dec 2007 10:46:56 -0500 Roger Dingledine <arma@xxxxxxx> wrote:
>On Wed, Dec 19, 2007 at 02:46:04AM -0600, Scott Bennett wrote:
>>      A little while ago, I added another filter rule to the router here to
>> stop an apparently endless, rapid-fire series of directory requests hitting
>> my tor server's DirPort from 125.35.9.66, which appears to be in China.  The
>> last time I reported this type of thing, you may recall, it came from a site
>> in Italy.  The symptom, like the last time, was that output rate on my
>> machine's main Ethernet interface was running steadily around the transmit
>> rate limit imposed by my ADSL line.  dig(1) shows:
>
>Hi Scott,
>
>Can you check what's being repeatedly fetched?
>
>One way to do this is to run at loglevel debug briefly, and look for
>
>  log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);
>
>My first guess is that it's a runaway Tor client, or a runaway cache
>between the Tor client and you, rather than any intentionally abusive
>behavior. (It's amazing what can go wrong on the Internet when you have
>enough participants.)
>
     Sure.  I'll do that the next time I see it happening.  Meanwhile, though,
I'm leaving the blocking rules in effect for the two offenders I've already
encountered.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************