[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Pretty sure our exit was being synflooded
I spoke too soon, it seems - the exit is struggling again, with some
time spent destroyed today.
As I look at what it's doing, it's clear that someone is relaying SYN
packets to random ports and also random destination addresses that
aren't even alive. The destination hosts and ports continually vary -
it never hits multiple destinations on 1 port, and it does not hit
multiple ports on 1 host. I presume it is an attack that is intended
to degrade this relay's service quality, or otherwise more broadly,
degrade Tor.
I'm going to reject a few more trojan listen ports, it might help but
it isn't a real fix.
My thought btw was for Tor to rate-limit syn scanning activity between
the client and the first onion router, with the function taking place
in that first-hop router, not at the exit.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays