Hi mick

> And I run 0xbaddad - EA8637EA746451C0680559FDFF34ABA54DDAE831 a guard
> (though whether it stays a guard depends. It keeps falling over.)

Still guard

> (As an aside, I'd be very grateful for any feedback from other relay
> operators who /have/ added iptables "connlimit" rules. What is your
> view either way?)

It's currently good to be restrictive. Maybe a *per ip* limit of 20 (slow
DoS) and a *per ip* rate of 1 per sec (fast DoS) is good. I am on FreeBSD
so I cannot give you a good idea. Maybe try what tordoswitchhunter in [1]
recommends (/32 is good). You have to harvest your own hostile IPs :/

> So: My logs show Tor staying up for around 10 minutes at a time before
> rebooting with the following sort of entries:
>
> Dec 21 16:25:44.000 [notice] Performing bandwidth self-test...done.
> Dec 21 16:35:20.000 [notice] Tor 0.3.1.9 (git-df96a13e9155c7bf) opening log file.
> Dec 21 16:35:20.946 [notice] Tor 0.3.1.9 (git-df96a13e9155c7bf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
> Dec 21 16:35:20.947 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
> Dec 21 16:35:20.947 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
> Dec 21 16:35:20.947 [notice] Read configuration file "/etc/tor/torrc".
> Dec 21 16:35:20.951 [notice] Based on detected system memory, MaxMemInQueues is set to 369 MB. You can override this by setting MaxMemInQueues by hand.
> Dec 21 16:35:20.952 [notice] Opening Control listener on 127.0.0.1:9051
> Dec 21 16:35:20.953 [notice] Opening OR listener on 0.0.0.0:9001
> Dec 21 16:35:20.000 [notice] Not disabling debugger attaching for unprivileged users.
> Dec 21 16:35:21.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
> Dec 21 16:35:21.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
> Dec 21 16:35:22.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
> Dec 21 16:35:22.000 [notice] Your Tor server's identity key fingerprint is '0xbaddad EA8637EA746451C0680559FDFF34ABA54DDAE831'
> Dec 21 16:35:22.000 [notice] Bootstrapped 0%: Starting
> Dec 21 16:35:31.000 [notice] Starting with guard context "default"
> Dec 21 16:35:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network
> Dec 21 16:35:31.000 [notice] Signaled readiness to systemd
> Dec 21 16:35:31.000 [notice] Opening Control listener on /var/run/tor/control
> Dec 21 16:35:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 10; recommendation warn; host CD14AE63A02686BAE838A8079449B480801A8A5F at 195.181.208.180:443)
> Dec 21 16:35:32.000 [warn] 9 connections have failed:
> Dec 21 16:35:32.000 [warn] 9 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 11; recommendation warn; host 500FE4D6B529855A2F95A0CB34F2A10D5889E8C1 at 134.19.177.109:443)
> Dec 21 16:35:32.000 [warn] 10 connections have failed:
> Dec 21 16:35:32.000 [warn] 10 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 12; recommendation warn; host 3DE7762DD6165FD70C74BD02A6589C8C0C1B020A at 62.210.76.88:9001)
> Dec 21 16:35:32.000 [warn] 11 connections have failed:
> Dec 21 16:35:32.000 [warn] 11 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 13; recommendation warn; host 03DC081E4409631006EFCD3AF13AFAAF2B553FFC at 185.32.221.201:443)
> Dec 21 16:35:32.000 [warn] 12 connections have failed:
> Dec 21 16:35:32.000 [warn] 12 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 14; recommendation warn; host 51939625169E2C7E0DC83D38BAE628BDE67E9A22 at 109.236.90.209:443)
> Dec 21 16:35:32.000 [warn] 13 connections have failed:
> Dec 21 16:35:32.000 [warn] 13 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 15; recommendation warn; host 500FE4D6B529855A2F95A0CB34F2A10D5889E8C1 at 134.19.177.109:443)
> Dec 21 16:35:32.000 [warn] 14 connections have failed:
> Dec 21 16:35:32.000 [warn] 14 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 16; recommendation warn; host 03DC081E4409631006EFCD3AF13AFAAF2B553FFC at 185.32.221.201:443)
> Dec 21 16:35:32.000 [warn] 15 connections have failed:
> Dec 21 16:35:32.000 [warn] 15 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
> Dec 21 16:35:33.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 17; recommendation warn; host 1FA8F638298645BE58AC905276680889CB795A94 at 185.129.249.124:9001)
> Dec 21 16:35:33.000 [warn] 16 connections have failed:
> Dec 21 16:35:33.000 [warn] 16 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:33.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 18; recommendation warn; host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)
> Dec 21 16:35:33.000 [warn] 17 connections have failed:
> Dec 21 16:35:33.000 [warn] 17 connections died in state connect()ing with SSL state (No SSL object)
> Dec 21 16:35:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
> Dec 21 16:35:33.000 [notice] Bootstrapped 100%: Done
>
> So - I get loads of CONNECTREFUSED whilst coming up (presumably because
> of the attack) and then come fully back online.

IMO your tor searches for guards and they are under load, gone or lost
their guard flag. Finally you found a guard :)

[1] https://lists.torproject.org/pipermail/tor-relays/2017-December/013839.html

--
Cheers, Felix
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
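Felix's reading of the log is that the refused connections are spread over several guards rather than one broken one. The small parser below is an added example (not part of the thread, not code from mick, Felix or the Tor project) that makes that check mechanical: it pulls the `host`, `count`, stage and reason tag out of Tor's "Problem bootstrapping" warnings and tallies them per guard fingerprint, so an operator can tell a single unreachable guard apart from a general run of refusals during an attack. The regex is written against the line format visible in the quoted log; the function and variable names are the example's own, and `SAMPLE_LOG` is a subset of the lines mick posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Matches Tor's "Problem bootstrapping" warnings in the form seen in the quoted log.
# Group names are this example's own; the field layout follows the log lines above.
BOOTSTRAP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}) \[warn\] Problem bootstrapping\. "
    r"Stuck at (?P<pct>\d+)%: (?P<phase>[^.]+)\. "
    r"\((?P<summary>[^;]+); (?P<tag>[A-Z]+); count (?P<count>\d+); "
    r"recommendation (?P<rec>\w+); host (?P<fp>[0-9A-F]+) at (?P<addr>[^)]+)\)$"
)
DONE_RE = re.compile(r"\[notice\] Bootstrapped 100%: Done")


@dataclass
class BootstrapFailure:
    ts: str
    pct: int          # bootstrap percentage Tor was stuck at
    phase: str        # e.g. "Finishing handshake with first hop"
    tag: str          # e.g. CONNECTREFUSED
    count: int        # Tor's running failure counter for this bootstrap
    fingerprint: str  # relay identity the connection attempt targeted
    addr: str         # ip:port of that relay


def parse_failures(lines):
    """Return one BootstrapFailure per 'Problem bootstrapping' line; other lines are ignored."""
    found = []
    for line in lines:
        m = BOOTSTRAP_RE.match(line.strip())
        if m:
            found.append(BootstrapFailure(
                m["ts"], int(m["pct"]), m["phase"], m["tag"],
                int(m["count"]), m["fp"], m["addr"]))
    return found


def summarize(lines):
    """Tally failures per guard, per reason and per bootstrap stage, and flag repeat offenders."""
    failures = parse_failures(lines)
    by_host = Counter(f.fingerprint for f in failures)
    return {
        "failures": len(failures),
        "distinct_hosts": len(by_host),
        "by_tag": dict(Counter(f.tag for f in failures)),
        "by_stage": dict(Counter(f.pct for f in failures)),
        # Guards refused more than once in one bootstrap: candidates for "gone or overloaded".
        "repeated_hosts": sorted(fp for fp, n in by_host.items() if n > 1),
        "max_count": max((f.count for f in failures), default=0),
        "reached_done": any(DONE_RE.search(line) for line in lines),
    }


# Subset of the log lines quoted in the thread above (not constructed; copied from mick's post).
SAMPLE_LOG = [
    "Dec 21 16:35:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 10; recommendation warn; host CD14AE63A02686BAE838A8079449B480801A8A5F at 195.181.208.180:443)",
    "Dec 21 16:35:32.000 [warn] 9 connections have failed:",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 11; recommendation warn; host 500FE4D6B529855A2F95A0CB34F2A10D5889E8C1 at 134.19.177.109:443)",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 12; recommendation warn; host 3DE7762DD6165FD70C74BD02A6589C8C0C1B020A at 62.210.76.88:9001)",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 13; recommendation warn; host 03DC081E4409631006EFCD3AF13AFAAF2B553FFC at 185.32.221.201:443)",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 14; recommendation warn; host 51939625169E2C7E0DC83D38BAE628BDE67E9A22 at 109.236.90.209:443)",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 15; recommendation warn; host 500FE4D6B529855A2F95A0CB34F2A10D5889E8C1 at 134.19.177.109:443)",
    "Dec 21 16:35:32.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 16; recommendation warn; host 03DC081E4409631006EFCD3AF13AFAAF2B553FFC at 185.32.221.201:443)",
    "Dec 21 16:35:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit",
    "Dec 21 16:35:33.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 17; recommendation warn; host 1FA8F638298645BE58AC905276680889CB795A94 at 185.129.249.124:9001)",
    "Dec 21 16:35:33.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 18; recommendation warn; host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)",
    "Dec 21 16:35:33.000 [notice] Bootstrapped 100%: Done",
]


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the sample, the summary shows nine refusals spread over seven different guards, with only two fingerprints refused twice and the bootstrap still reaching 100%, which is the "spread across guards under load" picture rather than one dead entry; fed a full notices.log (`summarize(open(path))`) the same tallies show whether the pattern holds over many restarts.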
