Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
The simple solution is to disable dirport, but the relay is a fallback directory and I don't want to make a change that will negatively affect the relay's ability to function as such. Would disabling dirport be a problem?
also:
can a non-advertised dirport be left configured for local-system use while the public advertised dirport is disabled?
does a command utility or method exist for querying dirport documents via tunnelled-dir-server? including miscellaneous documents such as
/tor/status-vote/current/consensus.z /tor/keys/all.z /tor/server/all.z /tor/extra/all.z
/tor/server/fp/<fp1>+<fp2>+<fp3>.z /tor/extra/fp/<fp1>+<fp2>+<fp3>.z /tor/micro/d/<hash1>-<hash2>.z /tor/keys/fp/<v3ident1>+<v3ident2>.z
thanks!
Dirport is a handy convenience, but is not essential to proper functioning of the network. Put a connection rate-limit on dirport and it stopped the abuser cold. Dirport traffic went from 15% of total back down to 1-2% where it belongs.
Nonetheless the questions posed are valid.
At 12:25 5/18/2018 -0400, starlight.2017q4@binnacle.cx wrote:
> Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
> The simple solution is to disable dirport, but the relay is a fallback directory and I don't want to make a change that will negatively affect the relay's ability to function as such. Would disabling dirport be a problem?
> also:
> can a non-advertised dirport be left configured for local-system use while the public advertised dirport is disabled?
> does a command utility or method exist for querying dirport documents via tunnelled-dir-server? including miscellaneous documents such as
> /tor/status-vote/current/consensus.z /tor/keys/all.z /tor/server/all.z /tor/extra/all.z
> /tor/server/fp/<fp1>+<fp2>+<fp3>.z /tor/extra/fp/<fp1>+<fp2>+<fp3>.z /tor/micro/d/<hash1>-<hash2>.z /tor/keys/fp/<v3ident1>+<v3ident2>.z
> thanks!
Hi
On 19-May-18 at 16:28, starlight.2017q4@binnacle.cx wrote:
> Dirport is a handy convenience, but is not essential to proper functioning of the network. Put a connection rate-limit on dirport and it stopped the abuser cold. Dirport traffic went from 15% of total back down to 1-2% where it belongs.
> Nonetheless the questions posed are valid.
> At 12:25 5/18/2018 -0400, starlight.2017q4@binnacle.cx wrote:
>> Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
It makes sense to rate limit (syn/sec) and connection limit Dirport usage. I have been doing this for years. The smaller a relay is, the more it suffers from excessive clients. Can we get the DOS mitigation to perform it? For as long as I have been observing this issue, it has behaved like the Orport misuse of the recent past.
On May 18, 2018 4:25:23 PM UTC, starlight.2017q4@binnacle.cx wrote:
> Lately seeing escalating abuse traffic on the relay dirport, now up to 20k rotating source IP addresses per week.
How do you detect it?
Will tor log it in the logs where I can look for it, or do you monitor the TCP/IP stack?
I run two relays (milanese is one of them); besides basic OS-level monitoring I don't monitor much else.
I wonder if I should monitor more, or what to search for in the logs (I run my relays without logs since I don't have a use for them).
Thanks
tor-relays@lists.torproject.org
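
One way to approach the detection question raised in the thread, as an added example that is not from any of the posters or from the Tor project: count new connections to the DirPort per source from firewall logs. The log format (iptables LOG lines for inbound SYN packets), the port 9030 and the per-minute threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

DIRPORT = 9030       # assumption: the DirPort value from your torrc
PER_MINUTE_MAX = 3   # assumption: new connections per source per minute treated as normal

# Constructed sample in the shape of iptables LOG output for inbound SYN packets
# (fields trimmed); addresses come from the documentation ranges.
SAMPLE_LOG = """\
2018-05-18T12:00:01 relay kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=9030 SYN
2018-05-18T12:00:02 relay kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=9030 SYN
2018-05-18T12:00:09 relay kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=9030 SYN
2018-05-18T12:00:30 relay kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=9030 SYN
2018-05-18T12:00:41 relay kernel: IN=eth0 OUT= SRC=203.0.113.25 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=9030 SYN
2018-05-18T12:00:44 relay kernel: IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=9001 SYN
2018-05-18T12:01:05 relay kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=9030 SYN
2018-05-18T12:01:10 relay kernel: garbage line without fields
"""

# Group 1: timestamp truncated to the minute, group 2: source IP, group 3: destination port.
LINE = re.compile(r"^(\S{16})\S*\s.*\bSRC=(\S+)\s.*\bDPT=(\d+)\b.*\bSYN\b")


def dirport_summary(log_text, dirport=DIRPORT, per_minute_max=PER_MINUTE_MAX):
    """Summarise new connections to the DirPort: volume, spread and noisy sources."""
    per_source = Counter()
    per_minute = Counter()  # (source, minute) -> new connections in that minute
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(3)) != dirport:
            continue  # unparsable line, or traffic to another port such as the ORPort
        minute, src = m.group(1), m.group(2)
        per_source[src] += 1
        per_minute[(src, minute)] += 1
    noisy = sorted({src for (src, _), n in per_minute.items() if n > per_minute_max})
    return {
        "connections": sum(per_source.values()),
        "distinct_sources": len(per_source),  # the figure the thread quotes per week
        "top_sources": per_source.most_common(3),
        "over_limit": noisy,  # sources a per-source rate limit would have throttled
    }


if __name__ == "__main__":
    for key, value in dirport_summary(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A distinct-source count that keeps growing while each source stays under the per-minute threshold is the rotating-address pattern described in the first message.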