[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attacks on multiple relays

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DoS attacks on multiple relays
From: Felix <zwiebel@xxxxxxxxxxxxxxxx>
Date: Mon, 4 Dec 2017 21:19:01 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 04 Dec 2017 15:18:15 -0500
In-reply-to: <CAMsVPocKpkmsoF2ys400GKrh93qxg1Cfka68YCEKS+rGm9TY9Q@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAMsVPocKpkmsoF2ys400GKrh93qxg1Cfka68YCEKS+rGm9TY9Q@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

Hi null

Am 04-Dec-17 um 20:40 schrieb null:
> $ ss -s
> Total: 15855 (kernel 0)
> TCP:   24520 (estab 23969, closed 305, orphaned 31, synrecv 0, timewait
> 261/0), ports 0

imho the attempts have tcp state. I experienced similar from a minor
number of non relays. It seems like you gather too many statefull connects.
The ips might not be evil.
Heavy action can be you purge them or tcpdrop(8) before they hurt. Or
connection limit by ip per firewall.

-- 
Good luck and cheers, Felix
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoS attacks on multiple relays
  - From: x9p

References:
- [tor-relays] DoS attacks on multiple relays
  - From: null

Prev by Author: Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?
Next by Author: Re: [tor-relays] Recent wave of abuse on Tor guards
Previous by thread: [tor-relays] DoS attacks on multiple relays
Next by thread: Re: [tor-relays] DoS attacks on multiple relays
Index(es):
- Author
- Thread