Hi,

the node is back online.

Everything works normally, and I don't get any bogus SSH packets when using iptraf-ng.

Also, we noticed reverse path filtering was off on the VM.. we enabled it, but don't know why it was off.. I configured the Arch Linux VM's /etc/sysctl.d entries on my own, and it is still enabled on boot, or at least should be, but it wasn't.

I checked since I believe arma mentioned it.

All the best,
-GH

On Sunday, November 10th, 2024 at 6:50 PM, George Hartley <hartley_george@proton.me> wrote:

Hello, add me to the list too.

Started receiving packets 3 days ago and Tor Weather sent me an e-mail regarding it.

Sad that I could not respond further.. I try to maintain an extremely high uptime. So far, the node has only been offline for 6 hours in 6 months.. now it's been 72 hours :(

I also got a Tor Weather notification, which finally got my attention.. sadly 3 days too late. It also took my friend some time to travel to the data center, I don't live in the United States, he does, but it's like 45 minutes using the nearest bus for him.

The DC staff refused to re-connect our power cable, since we allegedly "abused" their network "to a great extent" (text in quotes is from DC staff).

I mailed them about this mailing list, and they finally understood, or it seems that way.

My hoster sadly did not notify me, they just took the entire colocated server offline, even if they know that the IP 104.219.232.126 is a bridge IP allocated through QEMU macvtap bridge using the server's physical 10GbE Synology E10G22-T1-Mini network card, and that we own the server including its main IP address I use for SSH.

They could have just nullrouted 104.219.232.126, but no, they nullrouted both my main IP and the KVM IP, and even "illegally" removed our power cord, and according to our lawyer, should not have touched our network card too, since it's specified in the contract that the owner of the server will do all maintenance, but it's unclear if we can do much of anything about it. They still own the room, and since it was not clear to them that the packets came from the card.. it's a shitty situation.

Will update once everything is restored.

Sorry for the downtime.

I unfortunately could not do iptraf-ng or use mtr to find out the culprit network.

-GH

It appears that the Tor node ExitTheMatrix (fingerprint: 0F8538398C61ECBE83F595E3716F7CE7E4C77B21) has been uncontactable through the Tor network for at least 48 hours. You may wish to look at it to see why.

You can find more information about the Tor node at:

https://metrics.torproject.org/rs.html#details/0F8538398C61ECBE83F595E3716F7CE7E4C77B21

You can unsubscribe from these reports at any time by visiting the following url:

https://www.torweather.org/unsubscribe?hmac=nope&fingerprint=0F8538398C61ECBE83F595E3716F7CE7E4C77B21

The original Tor Weather was decommissioned by the Tor project and this replacement is now maintained independently. You can learn more here:

https://github.com/thingless/torweather/blob/master/README.md

-GH