Me, too: 4 on 178.16.208.0/24 and 10 on 217.12.223.0/24
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------- Original Message -------- Subject: Re: [tor-relays] DoS attacks on multiple relays Local Time: December 5, 2017 7:00 AM UTC Time: December 5, 2017 12:00 PM From: valter.jansons@gmail.com To: tor-relays@lists.torproject.org
A little relay node of a consensus around 220 checking in here. I am seeing pretty much the same as others are reporting - 11 on 188.214.30.0/24 and 10 on 217.12.223.0/24. The AS is called THC Projects SRL. They seem to provide VPS hosting among other things and [ipinfo.io/AS51177](https://ipinfo.io/AS51177#domains) reports that they host a lot of domains over there as well. Not sure how seriously one should take this, but it's interesting for sure regardless.
-- 4096R/A83CE748 Valters Jansons
On Tue, Dec 5, 2017 at 1:50 PM x9p tor@x9p.org wrote:
my second and third positions are similar:
9 217.12.223.0/24 (family and contact info set) 8 178.16.208.0/24 (family and contact info set, too)Interesting to see. I have similar stats. 10 connections from 188.214.30.0/24, second up 8 connections from 178.16.208.0/24. Thanks!
On Tue, Dec 5, 2017 at 4:27 PM, x9p tor@x9p.org wrote:
first measure on a good day how many connection per /24 your exit/relay have, excluding these with 1 2 or just 3 connections:
# netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c | sort | egrep -v ' 1 | 2 | 3 '
with this information in hand, double the max of it (mine was 10 connections from 188.214.30.0/24):
10 188.214.30iptables -A INPUT -i eth0 -p tcp -m connlimit --connlimit-above 20 --connlimit-mask 24 -j REJECT --reject-with tcp-reset
cheers.
x9p
connlimit per /24. it does more good than evil.
Any guidance on the specifics? Like how many concurrent connections to allow per /24? Not sure what's expected from legitimate user traffic through the relay... don't want to make things worse. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Regardless, I hope you're well and happy - Aneesh _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays