Grüezi,
Over the past seven days, all of my bridges are under DDoS attack. Other servers hosted with adjacent IP addresses are not under attack. Any one else seeing such attacks lately?
Curious that all of my bridges are under attack, meaning someone altogether knows they exist.
Thanks.
On Wed, Nov 11, 2020 at 09:05:24PM -0000, Jonas wrote:
Over the past seven days, all of my bridges are under DDoS attack. Other servers hosted with adjacent IP addresses are not under attack.
* What kind of DDoS are you seeing? Is it a lot of network packets? Or network connections?
* What's the source of the DDoS attack?
* Does the attack target your Tor port specifically? Or is it ICMP packets that target the entire machine?
Cheers, Philipp
According to packetflow traces, roughly 26,000 unique IPv4 from 85 countries executing a SYN flood attack on TCP/9001. None of my bridges have 9001 open nor respond to this port. The attacks continue to this day.
Danke.
Jonas
If your server is not responding, no harm done (likely already done if you have iptables set up to drop unknown (established flag not set) incoming traffic.).
If it's somehow maxing out your connection speed, then time to talk to your upstream provider / hosting company - very likely they already have anti dos equipment on their network, and many would just re-route a customer through it until the attack stops, but it might cost you some money.
2020-11-13 17:03 GMT, Jonas jonasdietrich@ctemplar.com:
According to packetflow traces, roughly 26,000 unique IPv4 from 85 countries executing a SYN flood attack on TCP/9001. None of my bridges have 9001 open nor respond to this port. The attacks continue to this day.
Danke.
Jonas _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Jonas -
Philipp Winter -
Toralf Förster -
William Kane