
Re: [tor-relays] outgoing UDP flooding on middle relay



Strange is the difference in traffic behaviour after that:

 h   rx (KiB)    tx (KiB)     h   rx (KiB)   tx (KiB)     h   rx (KiB)   tx (KiB)
11 25.700.571  26.306.505    19    275.999    340.633    03    251.998    384.160
12 32.840.796  33.571.996    20    271.278    382.087    04    255.947    383.794
13 32.910.527  33.637.092    21    263.147    383.444    05    244.656    385.187
14 40.052.678  40.824.138    22    260.674    383.309    06    251.796    384.848
15 35.106.193  35.833.114    23    268.364    381.411    07    256.603    383.204
16          0           0    00    259.170    383.978    08    246.394    368.462
17          0           0    01    262.486    383.678    09    248.525    329.171
18    102.138     144.732    02    252.385    384.299    10    145.460    182.071


On 01.08.2016 at 15:17, Markus Koch wrote:
> If this is a SYN flood or any other DDoS attack on his VPS, the Tor server would not relay the attack, and incoming and outgoing traffic would be vastly different.
> 
> Sent from my iPad
> 
>> On 01 Aug 2016, at 15:12, teor <teor2345@xxxxxxxxx> wrote:
>>
>>
>>> On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@xxxxxxxxxxxxxx> wrote:
>>>
>>> Looks like DoS/DDoS. Is it even possible to DDoS over Tor?
>>
>> It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder).
>> All an attacker needs is the server's IP address, which is publicly available in the Tor consensus.
>> Then they can attack the relay from the Internet.
>>
>> There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit.
>>
>> Tim
>>
>>>
>>>
>>> 2016-08-01 15:04 GMT+02:00 pa011 <pa011@xxxxxx>:
>>>> Yes, about the same - sorry for the page break, I don't get it solved in my
>>>> Thunderbird.
>>>>
>>>>  h   rx (KiB)    tx (KiB)     h   rx (KiB)    tx (KiB)     h   rx (KiB)    tx (KiB)
>>>> 23  6.559.929   6.748.215    07  4.697.285   4.845.893    15 35.106.193  35.833.114
>>>> 00  5.129.384   5.289.456    08 12.317.567  12.605.726    16          0           0
>>>> 01  3.709.181   3.843.988    09 14.913.172  15.278.079    17          0           0
>>>> 02  4.405.017   4.574.745    10 22.218.874  22.738.508    18    102.138     144.732
>>>> 03  4.670.091   4.817.785    11 25.700.571  26.306.505    19    275.999     340.633
>>>> 04  4.711.807   4.853.921    12 32.840.796  33.571.996    20    271.278     382.087
>>>> 05  4.269.354   4.408.417    13 32.910.527  33.637.092    21    263.147     383.444
>>>> 06  5.279.142   5.443.890    14 40.052.678  40.824.138    22    176.040     258.865
>>>>
>>>>
>>>>> On 01.08.2016 at 14:51, Markus Koch wrote:
>>>>> In and outgoing traffic is the same size?
>>>>>
>>>>>
>>>>>
>>>>> 2016-08-01 14:44 GMT+02:00 pa011 <pa011@xxxxxx>:
>>>>>> The ISP didn’t mention - I would have to ask.
>>>>>>
>>>>>> What I saw was that the traffic went up roughly linearly from the usual 30 Mbit/s
>>>>>> to above 100 Mbit/s over about 6 hours, bringing the CPU to 100% and
>>>>>> dropping.
>>>>>>
>>>>>>
>>>>>>> On 01.08.2016 at 14:36, Markus Koch wrote:
>>>>>>> How many packets per second?
>>>>>>>
>>>>>>> Markus
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa011@xxxxxx>:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> one of my middle relays got auto-limited by the ISP because of
>>>>>>>> "outgoing UDP flooding".
>>>>>>>>
>>>>>>>> The VPS is pure Debian 8, fail2ban, pub key and nothing else installed -
>>>>>>>> so I highly doubt the given reason for the traffic limitation.
>>>>>>>> Also I can't find anything in the log files.
>>>>>>>>
>>>>>>>> Anybody having experience with such an issue?
>>>>>>>> What to check for please?
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> tor-relays mailing list
>>>>>>>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>>>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> Tim Wilson-Brown (teor)
>>
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmmp: teor at torproject dot org
>>
>>
>>
>>
>>
> 
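Markus's symmetry check, applied to the hourly table exactly as it was posted at the top of this page: an added example, not code from anyone in this thread. The 3:1 threshold and the KiB-per-hour to Mbit/s conversion are my assumptions; the sample table is copied from the message above, wrapped lines included.

```python
import re
# Constructed sample: the hourly table from the top of this thread, kept
# exactly as posted (the third tx column wrapped onto the following line).
SAMPLE = """\
 h  rx (KiB)   tx (KiB)      h  rx (KiB)   tx (KiB)      h  rx (KiB)
tx (KiB)
11 25.700.571 26.306.505    19    275.999    340.633    03    251.998
384.160
12 32.840.796 33.571.996    20    271.278    382.087    04    255.947
383.794
13 32.910.527 33.637.092    21    263.147    383.444    05    244.656
385.187
14 40.052.678 40.824.138    22    260.674    383.309    06    251.796
384.848
15 35.106.193 35.833.114    23    268.364    381.411    07    256.603
383.204
16          0          0    00    259.170    383.978    08    246.394
368.462
17          0          0    01    262.486    383.678    09    248.525
329.171
18    102.138    144.732    02    252.385    384.299    10    145.460
182.071
"""
NUMERIC = re.compile(r"^\d[\d.]*$")  # an hour, or a dotted (de_DE) KiB count

def parse_hourly(text):
    """Return {hour: (rx_kib, tx_kib)}. Header words are dropped and the
    numeric tokens regrouped in threes, so rows a mail client wrapped onto
    two lines are reassembled; dots are thousands separators."""
    nums = [t for t in text.split() if NUMERIC.match(t)]
    return {int(h): (int(rx.replace(".", "")), int(tx.replace(".", "")))
            for h, rx, tx in zip(nums[0::3], nums[1::3], nums[2::3])}

def mbit_per_s(kib_per_hour):
    """Average line rate implied by an hourly KiB total (assumed conversion)."""
    return kib_per_hour * 1024 * 8 / 3600 / 1e6

def asymmetric_hours(stats, ratio=3.0):
    """Hours where one direction exceeds the other by more than `ratio`.
    A relay forwards what it receives, so rx and tx stay close; a host that
    originates a flood shows tx far above rx. Idle hours are skipped."""
    return [hour for hour, (rx, tx) in sorted(stats.items())
            if (rx or tx) and max(rx, tx) > ratio * max(min(rx, tx), 1)]

if __name__ == "__main__":
    stats = parse_hourly(SAMPLE)
    peak = max(stats, key=lambda h: stats[h][1])
    print(f"peak hour {peak:02d}: ~{mbit_per_s(stats[peak][1]):.1f} Mbit/s out")
    print("asymmetric hours:", asymmetric_hours(stats) or "none")
```

On the posted numbers no hour is flagged: tx stays within a few percent of rx even in the throttled hours, which is what a relaying host looks like, not one originating a flood.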