[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] anyone else with this issue?
On Tue, Aug 25, 2020 at 06:49:01PM +0000, John Ricketts wrote:
> I as well.
>
> On Aug 25, 2020, at 13:45, niftybunny <abuse-contact@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> ?Daily DDOS love the last 14 days ...
Hi! Can you provide more details? From Nifty's picture it looks like
they are full TCP connections? Do you have a sense of what do they do
when they connect?
And that would mean that they *aren't* packet-level ddoses, i.e. the
"I fill up your network connection with packets so no other packets can
get through" kind?
One of the strange things about working with things at the scale of the
Tor network is that sometimes the combined behavior of many Tor processes
can look like a DDoS. For example, maybe all of these connections come
from out-of-date Tors that are now behaving bizarrely since the network
now doesn't work the way their old logic expects.
We've also seen what looks like DDoS attempts on the directory
authorities, but on closer examination they are some alternative Tor
implementation that is running on many thousands of computers and is
fetching Tor consensus documents in a way that isn't sustainable:
https://gitlab.torproject.org/tpo/core/tor/-/issues/33018
There are also apparently some overloading attacks happening on some
popular onion services currently, and I wonder if those are bleeding
over into looking like many connections. Or, as we saw a few years ago
when we added the "ddos defense subsystem" in Tor, the attacks didn't
actually add much load, but it was when the onion services tried to scale
up to tens of thousands of Tors, to be able to respond to every incoming
rendezvous attempt, that those tens of thousands of Tors together looked
like an attack on the network.
So: the next step would be to try to learn more about what these
connections look like, where they're coming from, what they're doing, etc.
Also, if more people than just Nifty and John are seeing them.
Never a dull moment,
--Roger
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays