My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours.
I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time?
I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.
I was hit with a DDoS attack > 1 Gbps on 2016-01-21 11:30 EST on the IP that hosts my Tor exit node. My hosting provider began successfully mitigating the attack and my service was unaffected besides a slight dip in network throughput.
The attacker quickly stopped the attack when they realized it was being blackholed, as my IP was removed from automatic mitigation 15 minutes later.
They did not attack other IPs in that netblock or any other of my netblocks that host my legitimate business.
DDoSing a medium-to-large exit node seems counterintuitive to me... unless you are a government.
On 2016-01-26 14:32, Green Dream wrote:
> My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours.
> I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time?
> I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Not today, but it happens quite often ....
I get nice abuse mails like this:
Direction IN
Internal 188.40.99.164
Threshold PacketsDiff 200.000 packets/s, Diff: 475.160 packets/s
Sum 142.643.000 packets/300s (475.476 packets/s), 5 flows/300s (0 flows/s), 198,002 GByte/300s (5.406 MBit/s)
External 185.21.xxx.xxx, 142.642.000 packets/300s (475.473 packets/s), 4 flows/300s (0 flows/s), 198,002 GByte/300s (5.406 MBit/s)
xxx out the attacker's IP. :)
2016-01-26 20:32 GMT+01:00 Green Dream greendream848@gmail.com:
> My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours.
> I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time?
> I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.
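The abuse mail quoted in the thread writes numbers with a dot as the thousands separator and a comma as the decimal mark, so "5.406 MBit/s" is about 5.4 Gbit/s, not 5.4 Mbit/s. The parser below is an added example, not part of the thread or the provider's tooling: the field layout is inferred from that single alert, the function names are hypothetical, and the 2**30 bytes per GByte figure is an assumption.

```python
import re

# Constructed sample: the alert quoted in the thread, split one field per line.
SAMPLE = """\
Direction IN
Internal 188.40.99.164
Threshold PacketsDiff 200.000 packets/s, Diff: 475.160 packets/s
Sum 142.643.000 packets/300s (475.476 packets/s), 5 flows/300s (0 flows/s), 198,002 GByte/300s (5.406 MBit/s)
External 185.21.xxx.xxx, 142.642.000 packets/300s (475.473 packets/s), 4 flows/300s (0 flows/s), 198,002 GByte/300s (5.406 MBit/s)
"""

COUNTERS = re.compile(
    r"([\d.]+) packets/(\d+)s \(([\d.]+) packets/s\), (\d+) flows/\d+s \(\d+ flows/s\), "
    r"([\d.,]+) GByte/\d+s \(([\d.]+) MBit/s\)")

def num(text):
    """'142.643.000' -> 142643000.0, '198,002' -> 198.002 (dot groups thousands, comma is decimal)."""
    return float(text.replace(".", "").replace(",", "."))

def counters(text):
    """Parse one 'N packets/300s (...), N flows/300s (...), N GByte/300s (...)' group."""
    m = COUNTERS.search(text)
    if m is None:
        raise ValueError(f"unrecognised counter group: {text!r}")
    packets, window, pps, flows, gbyte, mbit = m.groups()
    return {"packets": num(packets), "window_s": int(window), "pps": num(pps),
            "flows": int(flows), "gbyte": num(gbyte), "mbit_s": num(mbit)}

def parse_alert(text):
    """Return the alert as a dict; 'external' holds one entry per remote peer line."""
    alert = {"external": []}
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, rest = line.partition(" ")
        if key == "Direction":
            alert["direction"] = rest
        elif key == "Internal":
            alert["internal"] = rest
        elif key == "Threshold":
            alert["threshold_pps"] = num(re.search(r"PacketsDiff ([\d.]+) packets/s", rest).group(1))
        elif key == "Sum":
            alert["sum"] = counters(rest)
        elif key == "External":
            peer, _, stats = rest.partition(", ")
            alert["external"].append({"peer": peer, **counters(stats)})
    return alert

def consistent(c):
    """Cross-check the separator reading: rates must follow from the totals (the report truncates)."""
    return (abs(c["packets"] / c["window_s"] - c["pps"]) < 1
            and abs(c["gbyte"] * 1024 * 8 / c["window_s"] - c["mbit_s"]) < 1)

def mean_packet_bytes(c):
    """Average packet size, assuming 1 GByte = 2**30 bytes (assumption, in line with the MBit check)."""
    return c["gbyte"] * 2**30 / c["packets"]
```

Read this way, the totals and per-second rates in the alert agree with each other, and the mean packet size comes out near 1490 bytes, i.e. close to full-size frames from a single external address.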