-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hello,
Unfortunately this is not the first time we see this, and it did happen before Faravahar IP address change and before it was experiencing very high latency ( https://trac.torproject.org/projects/tor/ticket/17338 ).
See: https://trac.torproject.org/projects/tor/ticket/16205#comment:3 ~5 months ago
Maybe the bogus discovery of IP address change explains this also: https://trac.torproject.org/projects/tor/ticket/15500
There is obviously something strange going on. In addition to what teor said, the operator should also find out exactly what kind of anti-DoS protection system is used in that datacenter. Maybe something upstream feels attacked when Faravahar is receiving a lot of incoming connections and behaves in a way that is incompatible with Tor.
On 10/23/2015 1:55 PM, teor wrote:
On 23 Oct 2015, at 09:30, Green Dream <greendream848@gmail.com mailto:greendream848@gmail.com> wrote:
I see this from time to time as well. Here's another example:
Oct 17 23:02:44.000 [notice] Our IP Address has changed from 52.64.142.121 to [CORRECT IP]; rebuilding descriptor (source: 86.59.21.38).
52.64.142.121 appears to be an instance on Amazon's EC2. I don't run any nodes on EC2. 86.59.21.38 resolves to tor.noreply.org http://tor.noreply.org.
I'm unable to find any occurrences of this happening from Faravahar, however the issue seems to be fairly common. What's going on?
We've had one suggestion so far: That the iptables forwarding rule from Faravahar's old address might not be preserving the original source address.
Another possibility is that authorities running directory caching proxies are re-using the X-Your-IP-Address-Is header meant for other clients, rather than generating it fresh for every client.
A third possibility is a bug in the tor authority code, which sets X-Your-IP-Address-Is to the wrong IP.
Tim