I was hit with a DDoS attack > 1gbps on 2016-01-21 11:30 EST on the IP that host my tor exit node. My hosting provider began succesfully mitigating the attack and my service was unaffected besides a slight dip in network throughput.

They attacker quickly stopped the attack when they realized if was being blackholed as my IP was removed from automatic mitigation 15 minutes later.

They did not attack other IPs in that netblock or any other of my netblock that host my legitimate buisness.

DDoSing a medium-to-large exit node seems counterintuitive to me... unless you are a government.

Le 2016-01-26 14:32, Green Dream a écrit :

My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours.

I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time?

I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays