[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Recent wave of abuse on Tor guards
On 22 Dec 2017, at 10:08, Roger Dingledine <arma@xxxxxxx> wrote:
>>> (Connection refused; CONNECTREFUSED; count 18; recommendation warn;
>>> host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)
>>>
>>> So - I get loads of CONNECTREFUSED whilst coming up (presumably because
>>> of the attack) and then come fully back online.
>
>> IMO your tor searches for guards and they are under load, gone or lost
>> their guard flag. Finally you found a guard :)
>
> Yes, I agree. (Though if they were gone or lost their guard flag,
Gone, yes.
But don't client circuits try previously selected guards, even if they don't
have the guard flag right now?
(I know we don't re-weight guards as new consensuses arrive. I don't know
if we ignore them once they lose the guard flag.)
> you
> would not have tried them and gotten a CONNECTREFUSED. So I think they
> are all suffering from the "under load" case. Gosh.)
Yes, this is probably a lack of file descriptors, and new connections are
punished more severely than existing ones.
T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays