> On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@xxxxxxxxxxxxxx> wrote: > > Looks like DOS/DDOS.Is it even possible to DDOS over tor? It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. Then they can attack the relay from the Internet. There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit. Tim > > > 2016-08-01 15:04 GMT+02:00 pa011 <pa011@xxxxxx>: >> yes about the same - sorry for the page brake dont get it solved in my >> thunderbird >> >> h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) >> tx (KiB) >> 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 >> 35.833.114 >> 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 >> 0 >> 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 >> 0 >> 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 >> 144.732 >> 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 >> 340.633 >> 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 >> 382.087 >> 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 >> 383.444 >> 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 >> 258.865 >> >> >> Am 01.08.2016 um 14:51 schrieb Markus Koch: >>> In and outgoing traffic is the same size? >>> >>> >>> >>> 2016-08-01 14:44 GMT+02:00 pa011 <pa011@xxxxxx>: >>>> The ISP didn’t mention - I would have to ask. >>>> >>>> What I saw was that the traffic was up about linear from usually 30Mbits >>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and >>>> dropping. >>>> >>>> >>>> Am 01.08.2016 um 14:36 schrieb Markus Koch: >>>>> How many packets per second? >>>>> >>>>> Markus >>>>> >>>>> >>>>> >>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa011@xxxxxx>: >>>>>> Hello, >>>>>> >>>>>> one of my middle relays got auto limited by the ISP because of >>>>>> "outgooing UDP flooding ". >>>>>> >>>>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed - >>>>>> so I highly doubt the give reason for the traffic limitation. >>>>>> Also I cant find anything in the log files. >>>>>> >>>>>> Anybody having experience with such an issue? >>>>>> What to check for please? >>>>>> >>>>>> Paul >>>>>> >>>>>> _______________________________________________ >>>>>> tor-relays mailing list >>>>>> tor-relays@xxxxxxxxxxxxxxxxxxxx >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>>> >>>>> _______________________________________________ >>>>> tor-relays mailing list >>>>> tor-relays@xxxxxxxxxxxxxxxxxxxx >>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>> >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays@xxxxxxxxxxxxxxxxxxxx >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays@xxxxxxxxxxxxxxxxxxxx >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> _______________________________________________ >> tor-relays mailing list >> tor-relays@xxxxxxxxxxxxxxxxxxxx >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > tor-relays@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays