[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DDoS attack on relay

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] DDoS attack on relay
From: TorOp AnonymizedDotIo1 <torrelay@xxxxxxxxxxxxx>
Date: Tue, 26 Jan 2016 14:51:36 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Jan 2016 14:51:56 -0500
In-reply-to: <CAAd2PDKFGY2Z_-YCtn-VbV3kp8a+p3CLMGBDa7j7hyzKKTA3UA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAAd2PDKFGY2Z_-YCtn-VbV3kp8a+p3CLMGBDa7j7hyzKKTA3UA@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

I was hit with a DDoS attack > 1gbps on 2016-01-21 11:30 EST on the IP that host my tor exit node. My hosting provider began succesfully mitigating the attack and my service was unaffected besides a slight dip in network throughput.

They attacker quickly stopped the attack when they realized if was being blackholed as my IP was removed from automatic mitigation 15 minutes later.

They did not attack other IPs in that netblock or any other of my netblock that host my legitimate buisness.

DDoSing a medium-to-large exit node seems counterintuitive to me... unless you are a government.

Le 2016-01-26 14:32, Green Dream a écrit :

My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours.

I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time?

I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] DDoS attack on relay
  - From: Green Dream

Prev by Author: [tor-relays] EventDNS error
Next by Author: [tor-relays] Reload Config Without Restarting?
Previous by thread: [tor-relays] DDoS attack on relay
Next by thread: Re: [tor-relays] DDoS attack on relay
Index(es):
- Author
- Thread