[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DDOS?



On Sat, Dec 29, 2012 at 11:44:29PM +0000, mick wrote:
> On Sat, 29 Dec 2012 22:07:59 +0000
> mick <mbm@xxxxxxxxxx> allegedly wrote:
> > 
> > I shut tor down while I investigated and when running nethogs I
> > noticed a shed load of attempted connections to my tor port (443) from
> > non-tor addresses. A snapshot is at
> > http://rlogin.net/tor/incoming.png 
> > 
> > Anyone else seeing anything similar? I can't believe I'm the only node
> > being poked.
> 
> On further investigation, I think many of those addresses are likely
> to be tor related, possibly clients attempting to join tor through my
> node.
> 
> How long does it take from the time a node is shut down to the point
> where no-one will attempt to connect through it? 
> 
> Mick

Hi Mick,

Technically clients will attempt to use your node until the majority of
the directory authorities agree your node is no longer reachable (should not
take more than a little over 1 hour, assuming I understand the code
correctly) plus 3 hours (a client considers a consensus valid for at most 3
hours), so roughly 4 hours. However, because some clients have incorrectly
set clocks, connections will most likely trickle in past this point. I
think after 5 hours no valid clients should still try to connect.

HTH,
Matt
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays