[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attack on Tor exit relay

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attack on Tor exit relay
From: TorGate <torgate@xxxxxxxxxxxx>
Date: Tue, 6 Aug 2019 17:02:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 06 Aug 2019 11:02:32 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-hus.dk; s=20140924; h=content-type:in-reply-to:mime-version:date:message-id:from:references:to: subject:from; bh=sQZi9C2ocdm0bZCbja7vCUmJdGaPO0P5P/GMxU+Ex9w=; b=fpkx6DrUpH37/0ZFEHFPmYplMuIfu8yANq2dIjK9YISCdJxeSh8KfeVTOtA2dQ2h1QAIybEAxeThq IQoqssFU02bm1D8e63oQr8OuF0gOQJJVgldwRa9tntYnXObge51QUrf3VHp3Ycw8xn1z1ik+qm6tHt 8F1Y2yIUanQFSizk=
In-reply-to: <012001d54c45$cb15de00$61419a00$@bulger.co.uk>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <UCE2yOt3j5aVTKaJNFoM9zhqsvt93YoNeLjkIikW0wbIss4q3eZeMxooQ-GurcRxzXBfd9__N7zkVabJolStsSMtsJTGYhndBppvd-SmDog=@protonmail.com> <34D35ED9-6575-4252-B978-D5B17C62B86B@linux-hus.dk> <3b45bceb-0db8-515f-0806-148155ac54af@cni.net> <CE74D2DB-3C04-4208-A35A-47B4C652604C@riseup.net> <018001d5485a$988a13a0$c99e3ae0$@bulger.co.uk> <o0LVZaz6WuFs-HjrxEM7oDtVD4uAjJGil-BBY9n9HWTFnOwWr6ZwTUBAEZCo212UshCXeFJbajbnxF4s00J1k4KyJ99mHZlqzlxO75FJ9yU=@protonmail.com> <012001d54c45$cb15de00$61419a00$@bulger.co.uk>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

you can try this https://www.configserver.com/cp/csf.html


> Thanks.  I just could not see how Fail2ban would work on an ORport.  What log would it look at?  What criteria for the jail?   The fai2ban on my non-tor VPS does not yet work with IPv6,  which is partly the nature of IPV6 rather than a programming issue.  I did not realise IPV6 was ignored until a weak email account was found.  So I firewalled off most IPv6 ports instead.
>
> -----Original Message-----
> From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of potlatch
> Sent: 05 August 2019 00:04
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] DoS attack on Tor exit relay
>
> Gerry,
> At this point I have no working scripts for Tor/fail2ban.  Be happy to share if they ever materialize.  Fail2ban is sorely lacking documentation--or at least I can't find detailed docs.  I downloaded fail2ban on current debian and ubuntu VPS and got different version numbers--none were the current release.  Stay tuned or give a hand.
> -potlatch
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, August 1, 2019 4:16 AM, <gerard@xxxxxxxxxxxx> wrote:
>
>> Can we have your fail2ban scripts for the OR port? The jail and rules?
>>
>> Gerry
>>
>> -----Original Message-----
>> From: tor-relays tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx On Behalf Of teor
>> Sent: 01 August 2019 00:28
>> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
>> Subject: Re: [tor-relays] DoS attack on Tor exit relay
>>
>> Hi,
>>
>>> On 1 Aug 2019, at 02:27, Larry Brandt lbrandt@xxxxxxx wrote:
>>> Yes, I have fail2ban installed but the attack is focused on my ORPort
>> 9001.  Similarly, I have an external firewall but it permits 9001 port
>>     passage.
>>
>>     If you're trying to prevent too many connections, you can adjust the DoS
>>     torrc options:
>>     DoSConnectionEnabled 1
>>     DoSConnectionMaxConcurrentCount 1
>>     DoSConnectionDefenseType 2
>>
>>     If that works, try adjusting DoSConnectionMaxConcurrentCount a bit
>>     higher: 10 or 25 are good values.
>>
>>     T
>>
>>     --
>>     teor
>>
>>
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: pEpkey.asc
Description: application/pgp-keys

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] DoS attack on Tor exit relay
  - From: gerard
- Re: [tor-relays] DoS attack on Tor exit relay
  - From: potlatch
- Re: [tor-relays] DoS attack on Tor exit relay
  - From: gerard

Prev by Author: Re: [tor-relays] Why is my Tor bridge relay not getting any traffic?
Next by Author: Re: [tor-relays] Why is my Tor bridge relay not getting any traffic?
Previous by thread: Re: [tor-relays] DoS attack on Tor exit relay
Next by thread: Re: [tor-relays] DoS attack on Tor exit relay
Index(es):
- Author
- Thread