[tor-relays] DoS from my tor guard VPS
Pascal Terjan
pterjan at gmail.com
Tue Nov 15 20:57:51 UTC 2016
On 15 November 2016 at 20:41, Arisbe <arisbe at cni.net> wrote:
> One of my tor guard relays is a medium size VPS operating in the Czech
> Republic. It's been up and stable for several years. Several weeks ago I
> was notified that my VPS was a source of UDP DoS traffic. It was shut down.
> Logs showed no intrusions.
>
> I installed a different instance of linux, changed my SSH port, added
> fail2ban and even installed clamav. I did not make changes to the tor exit
> policy. Then, this week I received the following:
>
> "Hello,
> surveillance system detected a disproportionate outgoing DoS traffic on your
> VPS torexitcz and then our network under a DDoS attack. Your server
> torexitcz has been stopped. This is another problem with your VPS. Your
> service will be terminated.
> Thanks for understanding."
>
> Can anyone offer an opinion as to how my relay was used for DoS? How can I
> avoid this in the future? My goal, as always is to provide stable nodes to
> the tor network while protecting myself and my VPS supplier.
>
> 4061C553CA88021B8302F0814365070AAE617270
> 185.100.85.101
Your relay allows exit, and based on the name that seems intentional
If you don't want it to possibly be used for attacks, you should not run an exit
More information about the tor-relays
mailing list