
Re: another DirPort DoS attacker



That is odd; I don't see what purpose a DoS against a specific directory/node would serve (unless you were specifically attacking a connection routed through that node, or trying to use latency attacks). Is it an exit node? Could be retaliation from something a user did through your node by someone who doesn't understand tor, although choosing the directory port is a bit strange.

Another option would be that it's completely unrelated to tor. What port is your directory on? If it's a common service/proxy port, it could be some exploit attempt or similar getting confused. It's a bit worrying if someone cares about attacking tor itself that much, in an abstract way.

Chances are it's nothing too worrisome, though.

- John Brooks

On Tue, Sep 2, 2008 at 7:20 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
    A short time ago, I found that 212.205.53.212 had several hundred open
TCP connections to my tor server's DirPort, and very little relay traffic
seemed to be getting past all of that.  I've now taken steps to prevent such
connections from that IP address.  (That IP address has the name
sahrsmtp03.cosmote.gr.)  Other tor server operators may (or may not) wish to
follow suit.


                                 Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************