Hi,
my tor exit node was targeted with two DDoS attacks, one on 2014-12-20 01:00 CET and one on 2014-12-22 18:00 CET [1], both lasting about 5 minutes each.
This alone wouldn’t be too noteworthy if it weren’t for the fact that
a) there’s a certain state of alarm WRT the Tor networks integrity and
b) these are the only attacks my ISP has on record for the over 2.5 years of operating the Tor Exit node.
If no other operators have noticed anything out of the ordinary (given by the silence on the list) this is most likely a fluke (getting rid of pesky IRC users?), but better be safe than sorry.
best, Michael
[1] http://i.imgur.com/Zu9UkW3.png http://i.imgur.com/Zu9UkW3.png Summary screen
I run a guard node but I've also been targeted by a DDoS last week (five days ago), lasting a mere 15 minutes. I'm not sure I believe in coincidences. Especially after what you've mentioned and in regards to:
http://www.theregister.co.uk/2014/12/22/stay_away_popular_tor_exit_relays_lo...
Anyone else noticed weird activity?
*Jean-Philippe Décarie-Mathieu* 514-799-0789 - jp@jpdm.org mailto:jp@jpdm.org - PGP: 0x2D61F80F
Le 2014-12-22 12:44, Michael Renner a écrit :
Hi,
my tor exit node was targeted with two DDoS attacks, one on 2014-12-20
01:00 CET and one on 2014-12-22 18:00 CET [1], both lasting about 5 minutes each.
This alone wouldn’t be too noteworthy if it weren’t for the fact that
a) there’s a certain state of alarm WRT the Tor networks integrity and
b) these are the only attacks my ISP has on record for the over 2.5
years of operating the Tor Exit node.
If no other operators have noticed anything out of the ordinary (given
by the silence on the list) this is most likely a fluke (getting rid of pesky IRC users?), but better be safe than sorry.
best, Michael
[1] http://i.imgur.com/Zu9UkW3.png Summary screen
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 12/22/2014 06:44 PM, Michael Renner wrote:
Hi,
my tor exit node was targeted with two DDoS attacks, one on 2014-12-20 01:00 CET and one on 2014-12-22 18:00 CET [1], both lasting about 5 minutes each.
Not sure if this is related too, but somebody uses my exit relay for port scans (>15000 scans per minute at ports 22, 80 and 443). It started slowly in December and became heavier over the time.
Last Saturday this yielded into the situation that my ISP claimed to have a problem with a network segment. The ISP "helped" me to solve the problem by cutting the network connections to my exit relay.
Currently it just takes few seconds after I open the ports that the port scans will continue.
tor-relays@lists.torproject.org
-
Jean-Philippe Décarie-Mathieu -
Michael Renner -
Toralf Förster