Hello dear list readers and contributors,
We received UDP floods (mostly through DNS Amplification) which were usually 60-70 GBit/s in size, up until a month ago this was not a problem for most of the exit relays lifetime, because we had a custom Tilera sitting between our server and the remaining infrastructure.
Since the Tilera hardware was leftover hardware that we initially bought, maintained and installed in agreement with the colocation contract, the DC had no responsibility for it.
Last month the Tilera failed, and additionally the DC had constant issues with their line-cards.
So, now we just had our 1GbE link and the default 10GbE scrubbing provided by the DC's routers.
This was not nearly enough, the largest attack ever we saw after that was reported to be over 140 GBit/s and also knocked some other servers in the same room offline too.
These attacks were not directed towards my VM's bridged failover IP on the colocated server that I share with my friend, but towards the game servers he was hosting on his main NIC IP.
Right now, every single attack above 10 GBit/s traffic will result in a null-route if it exceeds 60 seconds.
This is incredibly cheap for malicious attackers to achieve, so I decided to take the relay offline for good and wipe the keys as well, both on my encrypted online cloud sync provider (MEGA) as well as from my machines MEGASync folder.
The fingerprint is / was: 0F8538398C61ECBE83F595E3716F7CE7E4C77B21
If you look it up now, you will see it used to be on my own link for a while, but since we don't have a static IPv4 assignment (VDSL2 is still incredibly popular in rural areas such as the one that I live in), so the constantly changing IP address would have been just a pain in the butt for clients (one forced DSL disconnect every 24 hours).
I currently don't have enough money for a decent dedicated server or VM and a host that I can trust which doesn't have too many Tor relays already.
In total, according to vnstat, we routed 20TB's of exit traffic per month for the last 3 months, the relay was up for a total of around 292 days with a fresh set of secret keys, the relay before that, same name but different keys, was online for around 60 days while optimizing the hypervisor, libvirtd and guest OS for maximum performance / throughput).
According to my calculation, we have contributed roughly ~180 Terabytes of exit traffic, and maybe 500GB's of Guard traffic (this was mainly an exit relay, so I didn't expect much more).
I personally have been hosting Tor (Exit) Nodes for almost 10 years under different names and e-mail addresses, and it is definitely a New Year's resolution to continue that fashion.
Tor was incredibly helpful for me, so I will continue return the favor.
I also will continue to be active on the mailing list to help new people, as long as my time allows for it.
Happy Holidays to everyone reading this, I sincerely hope you have a good time with your family and friends.
All the best, -GH