[tor-relays] Stable flag and client load
I am running a bridge, realseven, fingerprint 10B5293C71793DC1E56A5B17434C0539F70FBB38. It's been up for 71 days and has yet to get the stable flag or more than 3 or 4 connected clients. Is there something misconfigured?

~~~
Ask me nothing, and I will tell you no lie.
Enrollado

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Nyx
Fixed it by installing from deb file.

-Original Message-
From: Dr Gerard Bulger
Sent: 21 February 2021 19:09
To: 'tor-relays@lists.torproject.org'
Subject: Nyx

Sorry if wrong forum

Nyx install out of the box, never had this error on starting before

Ubuntu 18.04

    Traceback (most recent call last):
      File "/usr/bin/nyx", line 11, in
        load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')()
      File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 480, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2693, in load_entry_point
    etc

Tor itself is running happily

What dependency is it missing? Purge and reinstall made no difference.

Gerry
Re: [tor-relays] Stable flag and client load
On 2/21/2021 7:16 PM, enrollado wrote:
> I am running a bridge, realseven, fingerprint 10B5293C71793DC1E56A5B17434C0539F70FBB38. It's been up for 71 days and has yet to get the stable flag or more than 3 or 4 connected clients. Is there something misconfigured?

Bridges don't get the stable flag AFAIK, only running and valid. Depending on the distribution method for your bridge, only a handful of clients could be quite normal.

Cheers.
[tor-relays] Nyx
Sorry if wrong forum

Nyx install out of the box, never had this error on starting before

Ubuntu 18.04

    Traceback (most recent call last):
      File "/usr/bin/nyx", line 11, in
        load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')()
      File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 480, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2693, in load_entry_point
    etc

Tor itself is running happily

What dependency is it missing? Purge and reinstall made no difference.

Gerry
Re: [tor-relays] anyone else getting sync floods from russia?
On 21.02.2021 12:12, Toralf Förster wrote:
> Would an iptables rule with "recent" and "limit" be a solution here ?
> If yes, how do you use that (do you have a code snippet)?

Example SSH:

    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]

    ## Drop incoming connections which make more than 4 connection attempts upon port 22 within ten minutes
    -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --set
    -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP

    ## To list these damned IP's: 'nano /proc/net/xt_recent/ssh' or
    ## 'cat /proc/net/xt_recent/ssh > recent-ssh.txt'

Multiport example:

    # Up to 15 ports can be specified. A port range (port:port) counts as two ports.
    # Drop incoming connections which make more than 10 connection attempts upon ports x-y within 1 minute
    -A INPUT -p tcp -m multiport --dports xx:yy -m state --state NEW -m recent --name syfloo --set
    -A INPUT -p tcp -m multiport --dports xx:yy -m state --state NEW -m recent --name syfloo --update --seconds 60 --hitcount 10 -j DROP

Be sure to look for ip_list_tot: number of IPs to remember per list

    cat /sys/module/xt_recent/parameters/ip_list_tot

nifty must increase to 1 ;-)

https://ipset.netfilter.org/iptables-extensions.man.html

--connlimit-upto & --connlimit-above looks interesting too.

--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
Re: [tor-relays] anyone else getting sync floods from russia?
niftybunny wrote:
> Glad to hear it's nothing personal. Putin still loves me ??
>
> That's Perl? I have no clue what it does.
>
> We already changed the timers on the TCP connections and we have scripts
> running which are blocking IPs who will send us x connections. Right now
> they changed tactics and for me it looks like SYNC flood from datacenter IP
> ranges and a few 100 IPs which undermine the easy blocking. Everything over
> 2,5 million TCP connections and the servers are more or less overloaded and I
> now learned that 3 million TCP connections is the point where the servers are
> dead as dead can be.
>
> For a one time attack I would congratulate them but now daily it really is
> starting to suck. I also suxx that we have a direct 10G connection to the
> largest Russia ISP so they can DDOS us even faster ?
>

Do you have pf available as a packet filter? pf's synproxy is designed to mitigate that sort of thing, when it is used. IIRC, it doesn't pass a connection on to the application until all the SYN/ACK handshaking is completed. It may also enforce an early timeout on waiting for the next step after the initial response, but I really don't recall because I haven't used it in many years.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at sdf.org *xor* bennett at freeshell.org
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: [tor-relays] anyone else getting sync floods from russia?
On 2/21/21 12:37 PM, niftybunny wrote:
> If I get say 2 connections from a single IP it would be blocked with iptables.

Even much less looks unusual.

With this command

    watch -d -x bash -c 'ss --all --numeric --processes state syn-recv | sort -k 5 -n'

I do see a handful of addresses - and at least one (rather new) Tor relay is among them - which makes one SYN-RECV after the other w/o finishing the handshake.

--
Toralf
Re: [tor-relays] metrics
On 20 Feb (11:52:33), Manager wrote:
> Hello,
>
> I'm trying to enable prometheus metrics, and... something goes wrong:
>
> torrc:
> MetricsPort 9166
> MetricsPortPolicy accept *
>
> after tor restart in logs:
> Tor[15368]: Opening Metrics listener on 127.0.0.1:9166
> Tor[15368]: Could not bind to 127.0.0.1:9166: Address already in use. Is Tor already running?
>
> -- before restart, no one listen on this port, as `ss | grep :9166` can say.
>
> there is also backtrace in logs:
> Tor[15368]: connection_finished_flushing(): Bug: got unexpected conn type 20. (on Tor 0.4.5.6 )
> Tor[15368]: tor_bug_occurred_(): Bug: ../src/core/mainloop/connection.c:5192: connection_finished_flushing: This line should not have been reached. (Future instances of this warning will be silenced.) (on Tor 0.4.5.6 )

This was reported 3 days ago: https://gitlab.torproject.org/tpo/core/tor/-/issues/40295

And we pushed a fix upstream and will be in the next tor stable release thus 0.4.5.7.

As for the timeline of that release, unclear but I will make a point to the network team to make it sooner than usual because this problem is effectively making the MetricsPort unusable :S.

Sorry about this. Thanks for the report!!!

David
Re: [tor-relays] anyone else getting sync floods from russia?
Not at home but it's just a cronjob running every x minutes and checking via netstat how many connections I get from every single IP. If I get say 2 connections from a single IP it would be blocked with iptables. Nothing fancy at all but it works as long as there are very few IPs ddosing me. It fails if there is a botnet and/or multiple /22 who connect to only a few ports per IP. I am sure a fancy Cisco Next Generation Firewall would be much better but I am too poor to even look at it. Tracking every connection with iptables is very cpu intensive if you have a few 100k connections running on every server … so not really doable.

Right now my problem is: What's all this about?

- I got no love letter beginning with: "If you want to stay online send us x Bitcoins to …" so this is not blackmailing me …
- In case some abuse pissed someone off and they decided to shut me down. This is an expensive attack over multiple days and high amounts of traffic. I doubt that someone is throwing a bunch of money in this just because they are pissed.
- State actors aka Russia trying to shut the network down? In this case they should be attacking others too. No answers in here = doesn't look like they do …

> On 21. Feb 2021, at 12:12, Toralf Förster wrote:
>
> On 2/20/21 12:29 PM, niftybunny wrote:
>> We already changed the timers on the TCP connections and we have scripts
>> running which are blocking IPs who will send us x connections. Right now
>> they changed tactics and for me it looks like SYNC flood from datacenter IP
>> ranges and a few 100 IPs which undermine the easy blocking.
> Would an iptables rule with "recent" and "limit" be a solution here ?
> If yes, how do you use that (do you have a code snippet)?
>
> --
> Toralf
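
Added example (not part of any list message): the message above says per-IP blocking fails once sources are spread over several /22 ranges, and Toralf's `ss ... state syn-recv` command lists the half-open connections. This sketch counts SYN-RECV entries per address and per covering prefix over a constructed sample; the function names, the thresholds and the /22 and /48 grouping are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the column layout of
# `ss --all --numeric state syn-recv` (documentation addresses only):
# one source with 4 half-open connections, 8 sources with 1 each in one /22.
PEERS = [f"203.0.113.7:{p}" for p in range(40001, 40005)]
PEERS += [f"198.51.100.{h}:51000" for h in range(1, 9)]
PEERS += ["[2001:db8::5]:50000"]
SAMPLE = "Netid Recv-Q Send-Q Local Address:Port Peer Address:Port\n" + "".join(
    f"tcp 0 0 192.0.2.10:443 {peer}\n" for peer in PEERS)


def peer_ips(ss_output):
    """Yield the peer IP of each row (5th column, the one `sort -k 5` uses)."""
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] == "Netid":
            continue  # header or short line
        host = cols[4].rsplit(":", 1)[0].strip("[]")
        try:
            yield ipaddress.ip_address(host)
        except ValueError:
            continue  # unparsable peer field


def half_open_report(ss_output, ip_limit=3, net_limit=6, v4_prefix=22, v6_prefix=48):
    """Return ({ip: count}, {network: count}) for sources at or over the limits."""
    by_ip, by_net = Counter(), Counter()
    for ip in peer_ips(ss_output):
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_ip[str(ip)] += 1
        by_net[str(net)] += 1
    noisy_ips = {k: n for k, n in by_ip.items() if n >= ip_limit}
    noisy_nets = {k: n for k, n in by_net.items() if n >= net_limit}
    return noisy_ips, noisy_nets


if __name__ == "__main__":
    ips, nets = half_open_report(SAMPLE)
    print("per-IP:", ips)
    print("per-prefix:", nets)
```

On the sample, the per-IP view reports only the single repeat source, while the per-prefix view surfaces the eight one-connection sources that share a /22.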
Re: [tor-relays] anyone else getting sync floods from russia?
On 2/20/21 12:29 PM, niftybunny wrote:
> We already changed the timers on the TCP connections and we have scripts running which are blocking IPs who will send us x connections. Right now they changed tactics and for me it looks like SYNC flood from datacenter IP ranges and a few 100 IPs which undermine the easy blocking.

Would an iptables rule with "recent" and "limit" be a solution here ?
If yes, how do you use that (do you have a code snippet)?

--
Toralf