[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Recent wave of abuse on Tor guards

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Recent wave of abuse on Tor guards
From: fcornu@xxxxxxxxxxxxx
Date: Wed, 20 Dec 2017 17:22:54 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Dec 2017 11:23:12 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.1.2

Hi

I'm the happy maintainer of wardsback :B143D439B72D239A419F8DCE07B8A8EB1B486FA7

As many of us have noticed, many guard nodes are beeing abused byextremely high numbers of connection attempts.Thanks to some of you guys, I manged to put some mitigation in place [0]and I assume many of us did as well.


I now sit back with questions and concerns arising :

1) Why didn't we see this abuse wave coming ? We kept replying toreporters of the dreaded "Failing because we have XXX connectionsalready. Please read doc/TUNING for guidance" about how they could amendtheir config to accept more connections. Although the 'global scale' ofthose events should have been detected, without most of use assuming itwas due to nodes' bad config.

2) We can see on Metrics [1] that guards count is dropping rapidly fora couple weeks now. Presumably because many guard maintainers gave up onrestarting their crushed node. (I never will. Even though my Metricsgraph shows I've also been in trouble)

3) What could we do to better detect those 'attacks' and spread theword to fellow maintainers about how to mitigate / correct the situation?

I must admit I don't have a valuable clue about how things cantechnically be improved, but I humbly wanted to share a few thoughthere.


Peace

[0] :https://lists.torproject.org/pipermail/tor-relays/2017-December/013846.html[1] :https://metrics.torproject.org/relayflags.html?start=2017-09-21&end=2017-12-20&flag=Guard


--
Frédéric CORNU
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: mick
- Re: [tor-relays] Recent wave of abuse on Tor guards
  - From: teor

Prev by Author: Re: [tor-relays] #34C3 Tor Assembly
Next by Author: Re: [tor-relays] DoS attacks on multiple relays
Previous by thread: Re: [tor-relays] Ongoing DDoS on the Network - Status
Next by thread: Re: [tor-relays] Recent wave of abuse on Tor guards
Index(es):
- Author
- Thread