Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?

2017-12-20 Thread teor
> On 21 Dec 2017, at 06:48, Felix wrote: > > Hi everybody > >> * if all 65535 connections on an IP were open to the Tor network, and >> * the biggest Tor Guard has 0.91% Guard probability[0], then >> * it would expect to see 597 connections. > > Sorry if this is a

Re: [tor-relays] botnet? abusing/attacking guard nodes by openssl?

2017-12-20 Thread Felix
Hi everybody > * if all 65535 connections on an IP were open to the Tor network, and > * the biggest Tor Guard has 0.91% Guard probability[0], then > * it would expect to see 597 connections. Sorry if this is a silly question, but do we know if these are Tor clients connecting our guards? We see

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread niftybunny
Same shit here. It looks like this: https://i.imgur.com/rokqahz.png Markus “Cheery was aware that Commander Vimes didn't like the phrase 'The innocent have nothing to fear', believing the innocent had everything to fear, mostly from the guilty but in the

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread Toralf Förster
On 12/20/2017 04:39 PM, x9p wrote: >> My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently >> tagged as Guard, and I am seeing more than twenty IPv4s with more than >> 10 connections, and one with 147. Should that be considered normal for a >> non-guard relay? >> >> Cheers, >> >> --

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread Stijn Jonker
On 20 Dec 2017, at 16:39, x9p wrote: On Wed, December 20, 2017 12:10 pm, Santiago wrote: ... My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently tagged as Guard, and I am seeing more than twenty IPv4s with more than 10 connections, and one with 147. Should that be considered

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread x9p
On Wed, December 20, 2017 12:10 pm, Santiago wrote: ... > > My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently > tagged as Guard, and I am seeing more than twenty IPv4s with more than > 10 connections, and one with 147. Should that be considered normal for a > non-guard relay? > >

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread tor
>> My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently >> tagged as Guard, and I am seeing more than twenty IPv4s with more than >> 10 connections, and one with 147. Should that be considered normal for a >> non-guard relay? Yes, that seems entirely normal.

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-20 Thread Santiago
On 19/12/17 at 11:13, teor wrote: … > If there are 65535 connections open from a source IP, and they all go to > Tor Guards, and the clients weight connections according to Guard > probability, then the largest guard will have 0.91% of 65535 connections, > or approximately 597. > > Most

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-19 Thread Toralf Förster
On 12/18/2017 11:10 PM, teor wrote: > The number of active connections that can be NATed per IP address is > limited by the number of ports: 65535. (Technically, it's 65535 per > remote IP address and port, but most NATs don't have that much RAM > or bandwidth.) > > Also, genuine users behind a

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-18 Thread teor
> On 19 Dec 2017, at 10:10, r1610091651 wrote: > > I don't quite understand the last calculation. It's a slightly better approximation than my wild guess. > "if all 65535 connections on an IP were open" => I'm guessing you mean ports No, I mean: "let's use 65535 as

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-18 Thread r1610091651
I don't quite understand the last calculation. "if all 65535 connections on an IP were open" => I'm guessing you mean ports "the biggest Tor Guard has 0.91% Guard probability" => percentage of all entries into the network handled by this guard => 0.91% of all user connections but how many user

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-18 Thread Toralf Förster
On 12/17/2017 10:24 PM, teor wrote: > Using 256 per IP is probably reasonable. Is this a rather arbitrary limit or does this limit fit the use of NATed addresses entirely? -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-17 Thread teor
> On 18 Dec 2017, at 02:45, Logforme wrote: > > My relay ran out of connections once and also crashed once so I followed the > suggestions in the "DoS attacks are real (probably)" thread and implemented > connection limits in my firewall. Everything has run smoothly since. > >

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-17 Thread starlight . 2017q4
>My relay ran out of connections once and also crashed once so I followed >the suggestions in the "DoS attacks are real (probably)" thread and >implemented connection limits in my firewall. Everything has run >smoothly since. I missed this thread, thank you for highlighting it! >My only

Re: [tor-relays] botnet? abusing/attacking guard nodes

2017-12-17 Thread Logforme
My relay ran out of connections once and also crashed once so I followed the suggestions in the "DoS attacks are real (probably)" thread and implemented connection limits in my firewall. Everything has run smoothly since. My only concern is how low I can set the number of connections per IP

[tor-relays] botnet? abusing/attacking guard nodes

2017-12-17 Thread starlight . 2017q4
Guard relay here appears to have come under steadily increasing abuse over the last several months. Believe the two previous threads relate to the same issue: Failing because we have 4063 connections already // Number of file descriptors DoS attacks are real Several times a day a