-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi *,
I'm running a non-exit Tor node for a few months now on a virtual server hosted in a professional datacenter.
That's the node: https://globe.torproject.org/#/relay/4C246EA9C950B872FD77F761CEAAB41D93D9764...
Yesterday, December 25th, the support wrote me, that my server is under a DDoS attack with 2GBit/s lasting over more than two hours. So, the hoster black holed my traffic to protect the other customers.
The hoster wanted to know which services I'm running and told me that if I continue running Tor and further attacks will happen, then I would have to bear the costs. Eventually, I took down the Tor node to avoid further confrontation.
Now I seek for your interpretation of this event: - - Has there been more recent incidents against Tor nodes? - - How can I investigate it? - - How should one react to a hoster? I mean they could have made up the whole thing...
Looking forward to your comments Chris
Hi,
My advice is to try to ask them is they are OK to let you a second chance to let your relay running. Tell them that if such a big attack happen again so you shut it down and you don't disturb them anymore with it.
Also, a "Good Point" to get if it's not already done, set your reverse DNS to something that hackers will instantly recognize (torproxy.something.readme ...), it reduces the risk of DDoS problems (those who drives DDoS attacks often know what is Tor, may be some of them are using it everyday). Tell you ISP if you do so, in order to say them that you improved somethong to reduce the risk for it to happen again.
On one of my relays, enabling that after month without, made a very very big difference (several DDoS per month -> nothing now).
If your relay have been running for several month now without any problem, and if most of the DDoS attacks should be smaller that the one you got, may be they can be OK for a second chance!
Good luck ;)
----- Mail original ----- De: "Christian Burkert" post@cburkert.de À: tor-relays@lists.torproject.org Envoyé: Vendredi 26 Décembre 2014 12:32:19 Objet: [tor-relays] Possible DDoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi *,
I'm running a non-exit Tor node for a few months now on a virtual server hosted in a professional datacenter.
That's the node: https://globe.torproject.org/#/relay/4C246EA9C950B872FD77F761CEAAB41D93D9764...
Yesterday, December 25th, the support wrote me, that my server is under a DDoS attack with 2GBit/s lasting over more than two hours. So, the hoster black holed my traffic to protect the other customers.
The hoster wanted to know which services I'm running and told me that if I continue running Tor and further attacks will happen, then I would have to bear the costs. Eventually, I took down the Tor node to avoid further confrontation.
Now I seek for your interpretation of this event: - - Has there been more recent incidents against Tor nodes? - - How can I investigate it? - - How should one react to a hoster? I mean they could have made up the whole thing...
Looking forward to your comments Chris
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Firstly, thanks for your advise.
Since I'm personally fed up with this provider, I'll move my Tor node anyway. This last DDoS handling was just the last straw.
But before I discourage others from choosing this hosting provider, I wanted to check the facts behind this DDoS attack, but within by own log files, I can see nothing helpful. I'm going to ask the provider for further information.
Putting a Tor hint into the reverse DNS entry sounds like a great idea. I wouldn't have thought that this actually stops people from attacking your server. Thanks!
Furthermore, I wondered if the attackers were attracted to my system because of the Tor service, or were just randomly picking targets. But from your previous descriptions, I rather deduce that it is more like the latter, rather random attacks, right?
Anyway, I'll keep you informed about my investigations of the attack if you like.
Regards, Chris
On Friday 26 December 2014 15:48:20 Christian Burkert wrote:
Furthermore, I wondered if the attackers were attracted to my system because of the Tor service, or were just randomly picking targets. But from your previous descriptions, I rather deduce that it is more like the latter, rather random attacks, right?
DDOS happen from time to time. During 4 years operating high capacity relays I saw no DDOS lasting longer that a couple of minutes. Probably what you experience is just some random attack.
Regards,
Torland
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hey,
My guard node was DDoS'd for about 15 minutes on December 17. My inner paranoid thought this was related to the ongoing crackdown on hidden services (from the authorities, or whoever else) but now I'm not so sure.
Regards,
- -- Jean-Philippe Décarie-Mathieu jp@jpdm.org - PGP: 0x2D61F80F http://www.jpdm.org/
Le 2014-12-26 06:32, Christian Burkert a écrit :
Hi *,
I'm running a non-exit Tor node for a few months now on a virtual server hosted in a professional datacenter.
That's the node: https://globe.torproject.org/#/relay/4C246EA9C950B872FD77F761CEAAB41D93D9764...
Yesterday, December 25th, the support wrote me, that my server is under a DDoS attack with 2GBit/s lasting over more than two hours. So, the hoster black holed my traffic to protect the other customers.
The hoster wanted to know which services I'm running and told me that if I continue running Tor and further attacks will happen, then I would have to bear the costs. Eventually, I took down the Tor node to avoid further confrontation.
Now I seek for your interpretation of this event: - Has there been more recent incidents against Tor nodes? - How can I investigate it? - How should one react to a hoster? I mean they could have made up the whole thing...
Looking forward to your comments Chris _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Christian Burkert -
Jean-Philippe Décarie-Mathieu -
Julien ROBIN -
tor-admin@torland.me