
Re: [tor-relays] botnet? abusing/attacking guard nodes



On 20 Dec 2017, at 16:39, x9p wrote:

> On Wed, December 20, 2017 12:10 pm, Santiago wrote:
> ...
>
>> My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently
>> tagged as Guard, and I am seeing more than twenty IPv4s with more than
>> 10 connections, and one with 147. Should that be considered normal for a
>> non-guard relay?
>
> 147 is a bit high for a non-exit, non-guard, for a single IP. Check
> https://atlas.torproject.org/ and see if this IP is part of Tor network.

My relay is regularly struggling a bit nowadays, with some source IPs crossing over the 1000 connections, but quite a few at 50-100. The one with 1000 connections, and for some random IPs, none of their IPs being listed as a Tor node on Atlas. Seems to be a lot of IPs out of 54.36.51.0/24 that tend to open a lot of sessions. Whereby the ones checked are not on Atlas.

At some point the entire conntrack table was full and there were OOM kills for the tor process. This only left me to put in some connection limits, despite being advised against. I currently have:
200 connections per /24, if that's used then at least allow 24 connections per /32.

I'm currently running with 6600 connections just fine; when it crosses the 15k it becomes troublesome.

Now blocking some connections might be far, far from ideal, but better ~6000 connections served with bandwidth than to remove my relay from the Tor network, in my view.

That said, it would be good if the Tor program itself would have some protections, to the extent possible, with the current protocol. For instance, dropping clients (source IPs) that frequently connect but are not behaving. I understand this might have its implications when under censorship/censorship countermeasures.

--
Yours Sincerely / Met Vriendelijke groet,
Stijn Jonker
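
One reading of the limit described in the message above (200 connections per /24, with 24 per /32 still allowed once the /24 is full), as an added Python example that is not from the thread: it tallies peers from constructed `ss`-style lines and evaluates that policy. The input format, the function names and the interpretation of the fallback rule are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample shaped like `ss -Htn state established` output:
# Recv-Q, Send-Q, local addr:port, peer addr:port (format is an assumption).
# Addresses are documentation ranges, not taken from the thread.
SAMPLE = """\
0 0 192.0.2.10:9001 198.51.100.7:40112
0 0 192.0.2.10:9001 198.51.100.7:40113
0 0 192.0.2.10:9001 198.51.100.9:51000
0 0 192.0.2.10:9001 203.0.113.5:33000
"""

def slash24(ip):
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def tally(ss_output):
    """Count established connections per source /32 and per source /24."""
    per_ip, per_net = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host = fields[3].rsplit(":", 1)[0]
        try:
            ip = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # IPv6 or malformed peer: not covered by this sketch
        per_ip[ip] += 1
        per_net[slash24(ip)] += 1
    return per_ip, per_net

def would_admit(src, per_ip, per_net, net_limit=200, ip_limit=24):
    """Assumed reading of the policy: admit while the /24 is under its cap;
    once the /24 is full, still admit a source holding fewer than ip_limit."""
    ip = ipaddress.IPv4Address(src)
    if per_net[slash24(ip)] < net_limit:
        return True
    return per_ip[ip] < ip_limit

def heavy_sources(per_ip, per_net, net_limit=200, ip_limit=24):
    """Sources already at or above either threshold, for operator review."""
    ips = sorted(str(i) for i, n in per_ip.items() if n >= ip_limit)
    nets = sorted(str(k) for k, n in per_net.items() if n >= net_limit)
    return ips, nets

if __name__ == "__main__":
    ip_counts, net_counts = tally(SAMPLE)
    print(heavy_sources(ip_counts, net_counts, net_limit=3, ip_limit=2))
```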
