-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 My router has also dnsmasq running, but this is not crashing. Although the requests are quite high.
I have an iptables rule for the directory port of tor and the rest of my ports. The directory port is hit dramatically since 2 1/2 weeks. The other ports, 20,21,22,25,80 and so on, are bruteforced in the common way as it is known on the i-net :) Gordon Morehouse <[email protected]> schrieb: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >elrippo: >> Am Dienstag, 3. September 2013, 15:35:04 schrieb adrelanos: >>> New hypothesis: This is an attempt to shut down the Tor network >>> once and forever. >>> >>> Might this be an attack on the Tor network with the goal to make >>> it that slow for everyone, that no one will use it anymore? >>> (DDOS) >> >> The Thing on my node's is simply the fact, that TOR Exit's keep >> DDOS'ing my Router. > >Meanwhile, my Tor *relay* is DOSing its own router. If anybody from >the Raspberry Pi thread is reading (and I'll post it there later if >not when I've observed it more), on 0.2.4.x, the Pi can handle most >circuit storms without crashing (though it still does, quite rarely), >but somehow it's causing my NAT router to partially/completely fail >and I still haven't figured out exactly how. It starts happening >*before* the ip_conntrack table is full, and it's considerably smaller >than the point at which ip_conntrack entries can trigger the OOM >killer, so I don't know yet what's causing it. The router has also >handled plenty more simultaneous in/out bandwidth in the past. >Regardless, the router starts dropping packets, and killing Tor stops >it, and restarting Tor soon enough (so most connected clients are >still in their retry period before giving up) starts it again >immediately. > >In fact, I've just woken up - started my Tor node a few hours ago >before going to sleep - and it appears to be starting to beat my >router down now. Router load isn't high, it doesn't seem out of >memory - when you can hit the status page - but ping times start to >climb or time out, and the first canary to fall over is DNS resolution >(the router "does" DNS via DNSmasq). > >Sigh... > >> This started with 140 Exit nodes in my daily blacklist. The Past >> week it did grow to about 220 Exit nodes increasing constantly at >> 10 more by day. The interesting thing is, that these are always >> the same nodes, so on my behalf this tastes like a botnet. > >They're DDOSing *you*? How so? > >Best, >- -Gordon M. > >-----BEGIN PGP SIGNATURE----- > >iQEcBAEBCgAGBQJSJ175AAoJED/jpRoe7/ujswcIAMCvTRWuBkyktpQp6RgzB46i >UVtPDf3VrMYNhprUYxmDx7LMXVwQtOwKtiK6poMBbiheJkj1ut/xRG0D/fvPg94q >+TZfQQPCH4Imvy9c23vF7/uCDKoMx+tGYUKqbqThhZAuZGLMnmsUQQLS2ehq0YC8 >iQiL+YYVAgTRfkiU2VvVDnP0TMjYspH9yn1VkkaNZanQFCZH1Br3tHjVxg/lSOje >sA1ShlWs1kfBd9/GbItkH3g8ZBuKO7i/aAOlpiZRkEA0ZmBX5tuhhuey06bqcky0 >zNbRCp87OEPsryDApjdhrybWrLo0dw302DC0S+SnUJ4j7gRz4cE/kvTDMnmE9Jo= >=hhRF >-----END PGP SIGNATURE----- >-- >tor-talk mailing list - [email protected] >To unsusbscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk - -- We don't bubble you, we don't spoof you ;) Keep your data encrypted! Log you soon, your Admin [email protected] Encrypted messages are welcome. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+ B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5 Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9 jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7 uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/ axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt 7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5 KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv 5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs 9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj 1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU 3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr 9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN /VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ 6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8 6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1 wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz +v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9 8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5 GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE= =otlL - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: APG v1.0.8 iQJcBAEBCABGBQJSKCoDPxxlbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0 ZWQpIDxlbHJpcHBvQGVscmlwcG9pc2xhbmQubmV0PgAKCRAkQ93r2VDR60T9EACv Nl3RA421yDayo0UVmx83RzE9d+0AhTMFL2RgONFnwhD+vRK+/6qybTaQ8EpJCNge bQVQYkzYCebH46GewirEt0j90pBkKW3gD8gHOEePRZ2z3x9jWxuuDE6i7y5E8C70 7gwYO5InlLgMYvjmaqPbtIYO6uxb1Td7IC1NTHYUjZVWeICMQPuQmBFa9vyL24nR BAPQjRf8DDTpz4hHDCP+f7H8IfIqmyvuFYb5PjtWApLaNVloZVR3m0WF/G0GKMiU xhys5fIUuwUlFzlo2QCyuw+qTa3xhFR7T/OF+UQBJi6gxb+1zXNOhrmMQ/zzdPCH B8FaFpzkNNIyL4ANOLrqSBrxdYATvf1Tn3H7NbrhuzOUYFjVtDaICtOGZ4nOeXc5 k3Tn6qAhg4rx4K8H8+PBF6nYQge3Og880LjiifZYEtzxEGMYMjqLeP421kOzwATH beYF4SGK6OqnXI5Mjm6S4msSb707OH4ReVn1SpbMeSEKP56tivAfJZQ6x7fUloxM oc3z+7TPeTrtNV/qa9oUGN8YOYZrQlgMgql6dmDoqi8ai35j2zKgmE1fynd5y0IL F5ryZhgXT3PGmuKHrmmmXcZKMoy7uFPXhb/sbStM7efb1/t4g3c9CtTZCDEzV6xt FZ3RN6/mgPZKHDq5OlzOSpdcfd25gtvKilmSdBQ4RA== =beL/ -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
