[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DoS attacks on multiple relays



Actually this also caught my attention on this 10 nodes from 188.214.30/24:

https://atlas.torproject.org/#search/188.214.30

All from Romania, relays, ports 443/9030, good bandwidth 17-26MiB, uptime
almost identical, and no family member set. One is even named CIA :)

Contact is set to none also.

welcome!

> Interesting to see. I have similar stats. 10 connections from
> 188.214.30.0/24, second up 8 connections from 178.16.208.0/24. Thanks!
>
> On Tue, Dec 5, 2017 at 4:27 PM, x9p <tor@xxxxxxx> wrote:
>
>>
>> first measure on a good day how many connection per /24 your exit/relay
>> have, excluding these with 1 2 or just 3 connections:
>>
>> # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk
>> -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c |
>> sort
>> | egrep -v '      1 |      2 |      3 '
>>
>> with this information in hand, double the max of it (mine was 10
>> connections from 188.214.30.0/24):
>>
>>      10 188.214.30
>>
>> iptables -A INPUT -i eth0 -p tcp -m connlimit --connlimit-above 20
>> --connlimit-mask 24 -j REJECT --reject-with tcp-reset
>>
>> cheers.
>>
>> x9p
>>
>> >> connlimit per /24. it does more good than evil.
>> >
>> > Any guidance on the specifics? Like how many concurrent connections to
>> > allow per /24? Not sure what's expected from legitimate user traffic
>> > through the relay... don't want to make things worse.
>> > _______________________________________________
>> > tor-relays mailing list
>> > tor-relays@xxxxxxxxxxxxxxxxxxxx
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>>
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
>
> --
> Regardless, I hope you're well and happy -
> Aneesh
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays