Hi, yes, I think there is a form of DDoS happening, but I'm not sure.
For example, sampling one of my relays shows ~150 IPs that are not
relays with over 14 connections currently. I don't think that amount of
connections from a single IP makes a lot of sense.
I will say, however, I'm not getting overloaded as badly compared to last
year/late 2022, or I don't think I am at least. Banning IPs that appear
to be spamming `connect()` helps a bit. Banning malformed TCP
segments also helps a bit (think impossible combinations of TCP flags
for example).
On 5/16/2024 2:39 PM, koizoi via tor-relays wrote:
For several weeks now, users have been complaining (see
https://www.reddit.com/r/TOR/comments/1cnmsdz/tor_extremely_slow_lately/,
https://forum.torproject.org/t/is-there-currently-a-major-ddos-affecting-the-networks-availability/12492,
etc.) about degraded performance (slow speeds, timeouts) when using
Tor, both to access v3 onion sites and clearnet websites. In my
personal experience, most v3 onion services are responding so slowly
that they're completely unusable.
It turns out that it's not just people's imaginations; looking at
charts on metrics.torproject.org, it can be seen that the time to
complete a 5MiB request over Tor has increased substantially
(https://ibb.co/tp1CHdh). All of this is very reminiscent of the
large-scale DDoS that affected Tor relay nodes in 2022-2023.
Tor relay operators have reported "attacks" on their relays, but there
haven't been many details about what kind of attacks are taking place,
other than some people saying that they have been TCP SYN flooded. But
(to me, anyway) SYN flooding doesn't really make a lot of sense as
there are so many Tor relay nodes that would need to be attacked (and
misconfigured to allow a SYN flood attack to work), and even if it
were a SYN flood, that would cause different behavior than what users
have been seeing (preventing connections to the Tor network rather
than slowing them down).
I understand that DDoS attacks on the Tor network might be kind of a
touchy subject, but it would be good if we could get some information
from the project leadership as to what's going on, what is being done
about it, and what Tor relay operators can do to help prevent attacks
like these from happening.
Thanks
Sent with Proton Mail <https://proton.me/> secure email.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
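
The per-IP connection sampling described in the reply above can be reproduced from `ss -tn` output. This is an added example, not code from either poster or from the Tor Project; the ORPort 9001, the operator-supplied `relay_ips` set (for instance built from the consensus) and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def split_hostport(field):
    """Split an ss address field: '192.0.2.1:443' or '[2001:db8::1]:443'."""
    host, _, port = field.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]"))
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) so one client is not split in two.
    mapped = getattr(addr, "ipv4_mapped", None)
    return (addr if mapped is None else mapped), int(port)

def heavy_non_relay_peers(ss_output, relay_ips, or_port, threshold=14):
    """Return {ip: count} for peers that are not known relays and hold more
    than `threshold` established connections to the local ORPort."""
    relays = {ipaddress.ip_address(ip) for ip in relay_ips}
    counts = Counter()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "ESTAB":
            continue  # header, blank line, or a state other than established
        try:
            _, local_port = split_hostport(cols[3])
            peer, _ = split_hostport(cols[4])
        except ValueError:
            continue  # unparsable address field such as '*:*'
        if local_port == or_port and peer not in relays:
            counts[peer] += 1
    return {str(ip): n for ip, n in counts.items() if n > threshold}

def constructed_sample():
    """Constructed `ss -tn` text; all addresses are documentation ranges."""
    def rows(state, peer, n):
        return [f"{state} 0 0 203.0.113.5:9001 {peer}:{40000 + i}"
                for i in range(n)]
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    lines += rows("ESTAB", "198.51.100.7", 15)           # non-relay, over 14
    lines += rows("ESTAB", "198.51.100.8", 14)           # non-relay, exactly 14
    lines += rows("ESTAB", "192.0.2.10", 20)             # known relay (assumed)
    lines += rows("ESTAB", "[::ffff:198.51.100.9]", 10)  # same client as next
    lines += rows("ESTAB", "198.51.100.9", 5)
    lines += rows("SYN-RECV", "198.51.100.20", 30)       # not established
    return "\n".join(lines)

if __name__ == "__main__":
    print(heavy_non_relay_peers(constructed_sample(), {"192.0.2.10"}, 9001))
```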