outgooing UDP flooding on middle relay
Hello, one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ". The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files. Anybody having experience with such an issue? What to check for please? Paul
How many packets per second? Markus 2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The ISP didn’t mention - I would have to ask. What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping. Am 01.08.2016 um 14:36 schrieb Markus Koch:
How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
In and outgoing traffic is the same size? 2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
Am 01.08.2016 um 14:36 schrieb Markus Koch:
How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
yes about the same - sorry for the page brake dont get it solved in my thunderbird h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865 Am 01.08.2016 um 14:51 schrieb Markus Koch:
In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
Am 01.08.2016 um 14:36 schrieb Markus Koch:
How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Looks like DOS/DDOS.Is it even possible to DDOS over tor? 2016-08-01 15:04 GMT+02:00 pa011 <pa011@web.de>:
yes about the same - sorry for the page brake dont get it solved in my thunderbird
h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865
Am 01.08.2016 um 14:51 schrieb Markus Koch:
In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
Am 01.08.2016 um 14:36 schrieb Markus Koch:
How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@googlemail.com> wrote:
Looks like DOS/DDOS.Is it even possible to DDOS over tor?
It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. Then they can attack the relay from the Internet. There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit. Tim
2016-08-01 15:04 GMT+02:00 pa011 <pa011@web.de>:
yes about the same - sorry for the page brake dont get it solved in my thunderbird
h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865
Am 01.08.2016 um 14:51 schrieb Markus Koch:
In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
Am 01.08.2016 um 14:36 schrieb Markus Koch:
How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Paul
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
If this is a synflood or any other ddos attack on his vps the tor server would not relay the attack and in and outgoing traffic would be vastly different. Sent from my iPad
On 01 Aug 2016, at 15:12, teor <teor2345@gmail.com> wrote:
On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@googlemail.com> wrote:
Looks like DOS/DDOS.Is it even possible to DDOS over tor?
It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. Then they can attack the relay from the Internet.
There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit.
Tim
2016-08-01 15:04 GMT+02:00 pa011 <pa011@web.de>:
yes about the same - sorry for the page brake dont get it solved in my thunderbird
h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865
Am 01.08.2016 um 14:51 schrieb Markus Koch: In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
Am 01.08.2016 um 14:36 schrieb Markus Koch: How many packets per second?
Markus
2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>: > Hello, > > one of my middle relays got auto limited by the ISP because of > "outgooing UDP flooding ". > > The VPS is pure debian8, fail2ban, pub key and nothing else installed - > so I highly doubt the give reason for the traffic limitation. > Also I cant find anything in the log files. > > Anybody having experience with such an issue? > What to check for please? > > Paul > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am off for a couple of hours - if I can give some more information or ask my ISP for something later on please let me know? What should I do to stop this in the future and get the restrictions off from my ISP? Thanks Paul Am 01.08.2016 um 15:17 schrieb Markus Koch:
If this is a synflood or any other ddos attack on his vps the tor server would not relay the attack and in and outgoing traffic would be vastly different.
Sent from my iPad
On 01 Aug 2016, at 15:12, teor <teor2345@gmail.com> wrote:
On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@googlemail.com> wrote:
Looks like DOS/DDOS.Is it even possible to DDOS over tor?
It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. Then they can attack the relay from the Internet.
There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit.
Tim
2016-08-01 15:04 GMT+02:00 pa011 <pa011@web.de>:
yes about the same - sorry for the page brake dont get it solved in my thunderbird
h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865
Am 01.08.2016 um 14:51 schrieb Markus Koch: In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
> Am 01.08.2016 um 14:36 schrieb Markus Koch: > How many packets per second? > > Markus > > > > 2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>: >> Hello, >> >> one of my middle relays got auto limited by the ISP because of >> "outgooing UDP flooding ". >> >> The VPS is pure debian8, fail2ban, pub key and nothing else installed - >> so I highly doubt the give reason for the traffic limitation. >> Also I cant find anything in the log files. >> >> Anybody having experience with such an issue? >> What to check for please? >> >> Paul >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
strange is the difference in traffic behaivior after that: h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 11 25.700.571 26.306.505 19 275.999 340.633 03 251.998 384.160 12 32.840.796 33.571.996 20 271.278 382.087 04 255.947 383.794 13 32.910.527 33.637.092 21 263.147 383.444 05 244.656 385.187 14 40.052.678 40.824.138 22 260.674 383.309 06 251.796 384.848 15 35.106.193 35.833.114 23 268.364 381.411 07 256.603 383.204 16 0 0 00 259.170 383.978 08 246.394 368.462 17 0 0 01 262.486 383.678 09 248.525 329.171 18 102.138 144.732 02 252.385 384.299 10 145.460 182.071 Am 01.08.2016 um 15:17 schrieb Markus Koch:
If this is a synflood or any other ddos attack on his vps the tor server would not relay the attack and in and outgoing traffic would be vastly different.
Sent from my iPad
On 01 Aug 2016, at 15:12, teor <teor2345@gmail.com> wrote:
On 1 Aug 2016, at 23:08, Markus Koch <niftybunny@googlemail.com> wrote:
Looks like DOS/DDOS.Is it even possible to DDOS over tor?
It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. Then they can attack the relay from the Internet.
There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit.
Tim
2016-08-01 15:04 GMT+02:00 pa011 <pa011@web.de>:
yes about the same - sorry for the page brake dont get it solved in my thunderbird
h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 35.833.114 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 0 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 0 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 144.732 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 340.633 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 382.087 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 383.444 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 258.865
Am 01.08.2016 um 14:51 schrieb Markus Koch: In and outgoing traffic is the same size?
2016-08-01 14:44 GMT+02:00 pa011 <pa011@web.de>:
The ISP didn’t mention - I would have to ask.
What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping.
> Am 01.08.2016 um 14:36 schrieb Markus Koch: > How many packets per second? > > Markus > > > > 2016-08-01 14:28 GMT+02:00 pa011 <pa011@web.de>: >> Hello, >> >> one of my middle relays got auto limited by the ISP because of >> "outgooing UDP flooding ". >> >> The VPS is pure debian8, fail2ban, pub key and nothing else installed - >> so I highly doubt the give reason for the traffic limitation. >> Also I cant find anything in the log files. >> >> Anybody having experience with such an issue? >> What to check for please? >> >> Paul >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Aug 2016, at 22:47, Tristan <supersluether@gmail.com> wrote:
How can a Tor relay flood UDP? I thought everything was TCP?
Exits can flood an under-resourced DNS server quite easily. That's why we recommend a local DNS resolver / cache. But this particular relay is not an exit. Perhaps it was a (D)DoS attack, and the provider is confused about where it was coming from? Perhaps the server was used in a (D)DoS attack? (Does it serve DNS? Does that DNS have large records?) Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org
On Mon, 1 Aug 2016 14:28:04 +0200 pa011 <pa011@web.de> wrote:
Hello,
one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ".
The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the give reason for the traffic limitation. Also I cant find anything in the log files.
Anybody having experience with such an issue? What to check for please?
Happened once to me, in my case the culprit was a buggy DHCPv6 client (i.e. unrelated to Tor). Does your VPS utilize IPv6 with DHCPv6 and which client do you use, if so? -- With respect, Roman
participants (5)
-
Markus Koch -
pa011 -
Roman Mamedov -
teor -
Tristan