Re: [tor-relays] running a relay on a pi/pi2 and it stopped working after upgrading to 0.2.8.6/0.2.8.6-2 ? read this (bugfix)
On Wed, 10 Aug 2016, teor wrote: > > I just changed git to raise it to 300 too. So maybe this once changing > > /lib was actually ok :) > > It looks like you changed it in > https://gitweb.torproject.org/debian/tor.git/tree/debian/systemd/tor@.service > but not in: > https://gitweb.torproject.org/debian/tor.git/tree/debian/systemd/tor@default.service > > Is this intentional? Good catch, thanks. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Oops, forgot to say on my middle relay, 5MB/s up/down, TCP sockets is usually between 3000 and 4000.. Le 10/08/2016 à 10:57, Petrusko a écrit : > Hey, > > Since last ddos subject here, I've added a graph on my Munin node. > The graph will show the number of TCP connections used, and I think it > can be useful to see if there are some spikes = may be DoS attacks...? > So if you have Munin running on your relay, it can be activated by > creating a symlink "/etc/munin/plugins/tcp" to > "/usr/share/munin/plugins/tcp" > > > > Le 10/08/2016 à 09:39, Sebastian Niehaus a écrit : >> I am not sure whether it really looks like a DoS attack or if is just >> many "normal" tor packets hammering on the small server which are >> misunderstood as a DoS. > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Hey, Since last ddos subject here, I've added a graph on my Munin node. The graph will show the number of TCP connections used, and I think it can be useful to see if there are some spikes = may be DoS attacks...? So if you have Munin running on your relay, it can be activated by creating a symlink "/etc/munin/plugins/tcp" to "/usr/share/munin/plugins/tcp" Le 10/08/2016 à 09:39, Sebastian Niehaus a écrit : > I am not sure whether it really looks like a DoS attack or if is just > many "normal" tor packets hammering on the small server which are > misunderstood as a DoS. -- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Hi, The provider of my non-exit "silentrocket" told me they temporarily disconnected the server from their network because of a DoS attack against the machine. https://atlas.torproject.org/#details/7A32C9519D80CA458FC8B034A28F5F6815649A98 They sent me some details of what they think is a DoS attack (date and time omitted ...): ### Attack type: DoS_IN Attacked IP: 82.223.21.74 ### Source Address Source Port Destination Address Destination Port Frames 193.171.202.146 TCP:9001 82.223.21.74 TCP:61078 21440736 176.10.104.243 TCP:443 82.223.21.74 TCP:25817 11203344 185.29.8.132TCP:443 82.223.21.74 TCP:56708 8160360 58.58.170.2 TCP:443 82.223.21.74 TCP:61980 7840824 144.76.14.145 TCP:143 82.223.21.74 TCP:19866 6240664 195.154.209.91 TCP:443 82.223.21.74 TCP:20229 4808568 192.42.113.102 TCP:9001 82.223.21.74 TCP:62658 4328568 83.146.80.152 TCP:39898 82.223.21.74 TCP:90013041584 87.98.162.251 TCP:443 82.223.21.74 TCP:60948 2240040 188.138.9.49TCP:9001 82.223.21.74 TCP:13349 224 93.145.122.187 TCP:60469 82.223.21.74 TCP:90011920016 104.236.92.66 TCP:1337 82.223.21.74 TCP:48838 1760248 5.248.227.163 TCP:9001 82.223.21.74 TCP:28976 1760240 109.104.12.92 TCP:9001 82.223.21.74 TCP:15808 1601224 46.101.237.246 TCP:9001 82.223.21.74 TCP:18393 1600784 212.47.239.187 TCP:443 82.223.21.74 TCP:6669160 212.117.180.130 TCP:443 82.223.21.74 TCP:37114 144 37.187.17.67TCP:38547 82.223.21.74 TCP:90011281176 37.157.193.107 TCP:49192 82.223.21.74 TCP:9001804896 193.11.164.243 TCP:9001 82.223.21.74 TCP:62265 800040 I am not sure whether it really looks like a DoS attack or if is just many "normal" tor packets hammering on the small server which are misunderstood as a DoS. They are coming from a remote's maschines tor port and going to some random port om my server suggesting the packets are simply a reply to some connection my server opened. The server ran fine for several months but now I get a disconnection notice several times a day. Maybe there is really a DoS, maybe their automatic DoS protection reacts too fast, maybe they are just fed up with the traffic the relay causes and want to make things hard for me. Do you have any (educated) guesses what might be going on here? Thank you very much, Sebastian signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays