[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Many more Tor users in the past week?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My router has also dnsmasq running, but this is not crashing. Although the requests are quite high.

I have an iptables rule for the directory port of tor and the rest of my ports. The directory port is hit dramatically since 2 1/2 weeks.

The other ports, 20,21,22,25,80 and so on, are bruteforced in the common way as it is known on the i-net :)



Gordon Morehouse <gordon@xxxxxxxxxxxx> schrieb:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>elrippo:
>> Am Dienstag, 3. September 2013, 15:35:04 schrieb adrelanos:
>>> New hypothesis: This is an attempt to shut down the Tor network
>>> once and forever.
>>>
>>> Might this be an attack on the Tor network with the goal to make
>>> it that slow for everyone, that no one will use it anymore?
>>> (DDOS)
>>
>> The Thing on my node's is simply the fact, that TOR Exit's keep
>> DDOS'ing my Router.
>
>Meanwhile, my Tor *relay* is DOSing its own router.  If anybody from
>the Raspberry Pi thread is reading (and I'll post it there later if
>not when I've observed it more), on 0.2.4.x, the Pi can handle most
>circuit storms without crashing (though it still does, quite rarely),
>but somehow it's causing my NAT router to partially/completely fail
>and I still haven't figured out exactly how.  It starts happening
>*before* the ip_conntrack table is full, and it's considerably smaller
>than the point at which ip_conntrack entries can trigger the OOM
>killer, so I don't know yet what's causing it.  The router has also
>handled plenty more simultaneous in/out bandwidth in the past.
>Regardless, the router starts dropping packets, and killing Tor stops
>it, and restarting Tor soon enough (so most connected clients are
>still in their retry period before giving up) starts it again
>immediately.
>
>In fact, I've just woken up - started my Tor node a few hours ago
>before going to sleep - and it appears to be starting to beat my
>router down now.  Router load isn't high, it doesn't seem out of
>memory - when you can hit the status page - but ping times start to
>climb or time out, and the first canary to fall over is DNS resolution
>(the router "does" DNS via DNSmasq).
>
>Sigh...
>
>> This started with 140 Exit nodes in my daily blacklist. The Past
>> week it did grow to about 220 Exit nodes increasing constantly at
>> 10 more by day. The interesting thing is, that these are always
>> the same nodes, so on my behalf this tastes like a botnet.
>
>They're DDOSing *you*?  How so?
>
>Best,
>- -Gordon M.
>
>-----BEGIN PGP SIGNATURE-----
>
>iQEcBAEBCgAGBQJSJ175AAoJED/jpRoe7/ujswcIAMCvTRWuBkyktpQp6RgzB46i
>UVtPDf3VrMYNhprUYxmDx7LMXVwQtOwKtiK6poMBbiheJkj1ut/xRG0D/fvPg94q
>+TZfQQPCH4Imvy9c23vF7/uCDKoMx+tGYUKqbqThhZAuZGLMnmsUQQLS2ehq0YC8
>iQiL+YYVAgTRfkiU2VvVDnP0TMjYspH9yn1VkkaNZanQFCZH1Br3tHjVxg/lSOje
>sA1ShlWs1kfBd9/GbItkH3g8ZBuKO7i/aAOlpiZRkEA0ZmBX5tuhhuey06bqcky0
>zNbRCp87OEPsryDApjdhrybWrLo0dw302DC0S+SnUJ4j7gRz4cE/kvTDMnmE9Jo=
>=hhRF
>-----END PGP SIGNATURE-----
>--
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsusbscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

- --
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elrippo@xxxxxxxxxxxxxxxxx

Encrypted messages are welcome.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd
BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb
UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+
B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5
Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R
9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs
e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9
jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h
q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z
+rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI
KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB
tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs
cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7
uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd
U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW
oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s
IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb
BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI
kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/
axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM
XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi
dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ
qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU
1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY
s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz
f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc
ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich
O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt
7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5
KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB
FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN
LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv
5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ
MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos
UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC
AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo
N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L
WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs
9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj
1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW
r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU
3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T
An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr
9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN
OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF
Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN
/VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ
6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8
6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL
u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1
wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW
MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz
+v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku
E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9
8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5
GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP
p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE=
=otlL
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iQJcBAEBCABGBQJSKCoDPxxlbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0
ZWQpIDxlbHJpcHBvQGVscmlwcG9pc2xhbmQubmV0PgAKCRAkQ93r2VDR60T9EACv
Nl3RA421yDayo0UVmx83RzE9d+0AhTMFL2RgONFnwhD+vRK+/6qybTaQ8EpJCNge
bQVQYkzYCebH46GewirEt0j90pBkKW3gD8gHOEePRZ2z3x9jWxuuDE6i7y5E8C70
7gwYO5InlLgMYvjmaqPbtIYO6uxb1Td7IC1NTHYUjZVWeICMQPuQmBFa9vyL24nR
BAPQjRf8DDTpz4hHDCP+f7H8IfIqmyvuFYb5PjtWApLaNVloZVR3m0WF/G0GKMiU
xhys5fIUuwUlFzlo2QCyuw+qTa3xhFR7T/OF+UQBJi6gxb+1zXNOhrmMQ/zzdPCH
B8FaFpzkNNIyL4ANOLrqSBrxdYATvf1Tn3H7NbrhuzOUYFjVtDaICtOGZ4nOeXc5
k3Tn6qAhg4rx4K8H8+PBF6nYQge3Og880LjiifZYEtzxEGMYMjqLeP421kOzwATH
beYF4SGK6OqnXI5Mjm6S4msSb707OH4ReVn1SpbMeSEKP56tivAfJZQ6x7fUloxM
oc3z+7TPeTrtNV/qa9oUGN8YOYZrQlgMgql6dmDoqi8ai35j2zKgmE1fynd5y0IL
F5ryZhgXT3PGmuKHrmmmXcZKMoy7uFPXhb/sbStM7efb1/t4g3c9CtTZCDEzV6xt
FZ3RN6/mgPZKHDq5OlzOSpdcfd25gtvKilmSdBQ4RA==
=beL/
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk