I was wondering if these unfriendly tor clients are using tor's default path selection or something else.
If they do tor exit relays would have much smaller values in their DoS stats, right?
Would any tor exit operator (listed below) running 0.3.3.2-alpha be willing to share (obfuscated/not exact counters) of their DoS log entries? (only if you do not have any additional firewall rules filtering packets)
| abuse@to-surf-and-protect.net |
| replace k with c : kontakt @ zwiebeltoralf . de |
| <rok AT sent dot com> |
| florentin aatt rochet ddoott be; LTC: LhRqJZu6U87BJNSUbkACHzVQsK39hJ3sMB |
| tor-relays@coldhak.ca |
| abuse@to-surf-and-protect.de |
| J. Random Hacker anonymizer@ccc.de |
| Exit by Reporters without Borders via https://www.torservers.net/ |
| Neel Chauhan <neel AT neelc DOT org> | BTC: 1KogNvxdcXydDUNrPgqgtgV3AWktKPqXpS |
| Random Person <tor AT cusse.org> |
| OctaneZ-TOR OctaneZ+toroperator@gmail.com |
| https://www.torservers.net/donate.html <support .AT. torservers .DOT. net> |
| shallot protonmail com |
| Random Person <killertor.abuse at gmail point com> |
| Brandon Kuschel <kusch023 AT NOSPAM umn dot edu> |
| <admin AT openbsd DOT se> |
On 2/16/18 12:23, nusenu wrote:
I was wondering if these unfriendly tor clients are using tor's default path selection or something else.
If they do tor exit relays would have much smaller values in their DoS stats, right?
Would any tor exit operator (listed below) running 0.3.3.2-alpha be willing to share (obfuscated/not exact counters) of their DoS log entries? (only if you do not have any additional firewall rules filtering packets)
I run an 0332-alpha relay with no extra firewall rules.
4B084AD6A0BA70761A333829F52042BB6EA009AF
In case the following gets wrapped and ruined: https://paste.debian.net/1010648/
Feb 16 01:50:55.000 [notice] Since startup, we have initiated x v1 connections, x v2 connections, x v3 connections, and 5xxxx v4 connections; and received 5x v1 connections, 1xx v2 connections, 9xx v3 connections, and 4xxxxx v4 connections.
Feb 16 01:50:55.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 2xx single hop clients refused.
Feb 16 07:50:55.000 [notice] Heartbeat: Tor's uptime is 5 days 23:28 hours, with 4xxx circuits open. I've sent 1xxx GB and received 1xxx GB.
Feb 16 07:50:55.000 [notice] Circuit handshake stats since last time: 4xxx/4xxx TAP, 1xxxxx/1xxxxx NTor.
Feb 16 07:50:55.000 [notice] Since startup, we have initiated x v1 connections, x v2 connections, x v3 connections, and 5xxxx v4 connections; and received 7x v1 connections, 1xx v2 connections, 9xx v3 connections, and 4xxxxx v4 connections.
Feb 16 07:50:55.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 3xx single hop clients refused.
Feb 16 13:50:55.000 [notice] Heartbeat: Tor's uptime is 6 days 5:28 hours, with 4xxx circuits open. I've sent 1xxx GB and received 1xxx GB.
Feb 16 13:50:55.000 [notice] Circuit handshake stats since last time: 4xxx/4xxx TAP, 1xxxxx/1xxxxx NTor.
Feb 16 13:50:55.000 [notice] Since startup, we have initiated x v1 connections, x v2 connections, x v3 connections, and 5xxxx v4 connections; and received 7x v1 connections, 1xx v2 connections, 1xxx v3 connections, and 4xxxxx v4 connections.
Feb 16 13:50:55.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 3xx single hop clients refused.
On 17 Feb 2018, at 07:21, Matt Traudt pastly@torproject.org wrote:
On 2/16/18 12:23, nusenu wrote:
I was wondering if these unfriendly tor clients are using tor's default path selection or something else.
We think they are using Tor's bandwidth weights, but without entry guards. They may be using one of the buggy versions that assigns exits a non-zero weight.
If they do tor exit relays would have much smaller values in their DoS stats, right?
My exit has smaller DoS stats and connections than my guards. And my higher-weighted guards have more connections than my lower-weighted guards.
These DoS stats are from one of my guards: https://trac.torproject.org/projects/tor/ticket/24902#comment:76
Would any tor exit operator (listed below) running 0.3.3.2-alpha be willing to share (obfuscated/not exact counters) of their DoS log entries? (only if you do not have any additional firewall rules filtering packets)
I run an 0332-alpha relay with no extra firewall rules.
4B084AD6A0BA70761A333829F52042BB6EA009AF
In case the following gets wrapped and ruined: https://paste.debian.net/1010648/
Feb 16 01:50:55.000 [notice] Since startup, we have initiated x v1 connections, x v2 connections, x v3 connections, and 5xxxx v4 connections; and received 5x v1 connections, 1xx v2 connections, 9xx v3 connections, and 4xxxxx v4 connections.
Feb 16 01:50:55.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 2xx single hop clients refused.
On my guards, each of these figures is much higher.
But the "single hop clients refused" figure is proportional to the bandwidth (my figure is 8x, and my bandwidth is 5x). So those clients may be using raw bandwidth weights rather than middle weights.
T
Hello,
Here's the DoS log line after a few days:
[notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 500 single hop clients refused.
On 16/02/18 18:23, nusenu wrote:
I was wondering if these unfriendly tor clients are using tor's default path selection or something else.
If they do tor exit relays would have much smaller values in their DoS stats, right?
Would any tor exit operator (listed below) running 0.3.3.2-alpha be willing to share (obfuscated/not exact counters) of their DoS log entries? (only if you do not have any additional firewall rules filtering packets)
| abuse@to-surf-and-protect.net |
| replace k with c : kontakt @ zwiebeltoralf . de |
| <rok AT sent dot com> |
| florentin aatt rochet ddoott be; LTC: LhRqJZu6U87BJNSUbkACHzVQsK39hJ3sMB |
| tor-relays@coldhak.ca |
| abuse@to-surf-and-protect.de |
| J. Random Hacker anonymizer@ccc.de |
| Exit by Reporters without Borders via https://www.torservers.net/ |
| Neel Chauhan <neel AT neelc DOT org> | BTC: 1KogNvxdcXydDUNrPgqgtgV3AWktKPqXpS |
| Random Person <tor AT cusse.org> |
| OctaneZ-TOR OctaneZ+toroperator@gmail.com |
| https://www.torservers.net/donate.html <support .AT. torservers .DOT. net> |
| shallot protonmail com |
| Random Person <killertor.abuse at gmail point com> |
| Brandon Kuschel <kusch023 AT NOSPAM umn dot edu> |
| <admin AT openbsd DOT se> |
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
me:
Feb 17 08:55:27.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59 hours, with 15062 circuits open. I've sent 4436.48 GB and received 4399.31 GB.
Feb 17 08:55:27.000 [notice] Circuit handshake stats since last time: 11751/11751 TAP, 363728/363728 NTor.
Feb 17 08:55:27.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 69565 v4 connections; and received 68 v1 connections, 804 v2 connections, 775 v3 connections, and 267245 v4 connections.
Feb 17 08:55:27.000 [notice] DoS mitigation since startup: 3052294 circuits rejected, 73 marked addresses. 3316 connections closed. 967 single hop clients refused.
On 17. Feb 2018, at 10:29, Florentin Rochet florentin.rochet@uclouvain.be wrote:
Hello,
Here's the DoS log line after a few days:
[notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 500 single hop clients refused.
niftybunny:
me:
what is the fingerprint of this exit relay?
niftychipmunk
On 17. Feb 2018, at 11:40, nusenu nusenu-lists@riseup.net wrote:
niftybunny:
me:
what is the fingerprint of this exit relay?
-- https://mastodon.social/@nusenu twitter: @nusenu_
niftyjerboa:
Feb 17 08:53:12.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59 hours, with 21016 circuits open. I've sent 4333.53 GB and received 4288.98 GB.
Feb 17 08:53:12.000 [notice] Circuit handshake stats since last time: 17663/17663 TAP, 649315/649315 NTor.
Feb 17 08:53:12.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 58973 v4 connections; and received 41 v1 connections, 278 v2 connections, 834 v3 connections, and 274659 v4 connections.
Feb 17 08:53:12.000 [notice] DoS mitigation since startup: 378720 circuits rejected, 40 marked addresses. 0 connections closed. 1072 single hop clients refused.
niftypedetes:
Feb 17 08:53:18.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59 hours, with 15947 circuits open. I've sent 3859.98 GB and received 3823.13 GB.
Feb 17 08:53:18.000 [notice] Circuit handshake stats since last time: 11522/11522 TAP, 431806/431806 NTor.
Feb 17 08:53:18.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 66452 v4 connections; and received 56 v1 connections, 725 v2 connections, 876 v3 connections, and 272565 v4 connections.
Feb 17 08:53:18.000 [notice] DoS mitigation since startup: 2127013 circuits rejected, 53 marked addresses. 710 connections closed. 823 single hop clients refused.
Most of my relays are fine, some had heavy attacks.
Updated yesterday to 0.3.3.2-alpha on OpenBSD 6.2 with KISTLite scheduler and no firewall rules to hinder the onslaught.
SVnode01 9CAFA2463A0DBE02847ED3405185CF67DA38BF8E
Heartbeat: Tor's uptime is 17:59 hours, with 17370 circuits open. I've sent 330.92 GB and received 327.63 GB.
Circuit handshake stats since last time: 25697/25697 TAP, 2762784/2762784 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 13287 v4 connections; and received 2 v1 connections, 1428 v2 connections, 2589 v3 connections, and 82690 v4 connections.
DoS mitigation since startup: 1009480 circuits rejected, 37 marked addresses. 11194 connections closed. 123 single hop clients refused.
SVnode02 4145156A89030F19F6581352028F024621F93AA4
Heartbeat: Tor's uptime is 17:59 hours, with 15093 circuits open. I've sent 295.51 GB and received 293.41 GB.
Circuit handshake stats since last time: 48546/48546 TAP, 2589921/2589921 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 14303 v4 connections; and received 5 v1 connections, 1281 v2 connections, 2297 v3 connections, and 83297 v4 connections.
DoS mitigation since startup: 3909995 circuits rejected, 45 marked addresses. 527051 connections closed. 90 single hop clients refused.
SVnode03 869B0F952905601BE1B5D8062964FA436DC3FD96
Heartbeat: Tor's uptime is 17:59 hours, with 22207 circuits open. I've sent 276.00 GB and received 277.80 GB.
Circuit handshake stats since last time: 241061/241061 TAP, 7074179/7074179 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 9712 v4 connections; and received 2 v1 connections, 3273 v2 connections, 4556 v3 connections, and 82336 v4 connections.
DoS mitigation since startup: 242 circuits rejected, 2 marked addresses. 12495 connections closed. 231 single hop clients refused.
Sometimes I get lost, and only now realize you wanted statistics from exit relays, my bad.
As an operator of two guard relays that were impacted by the recent disruptive activity, the update has also made a difference.
I'll just go crawl back under my rock now...
On Feb 17, 2018 09:13, "Tyler Johnson" tylrcjhnsn@gmail.com wrote:
Updated yesterday to 0.3.3.2-alpha on OpenBSD 6.2 with KISTLite scheduler and no firewall rules to hinder the onslaught.
SVnode01 9CAFA2463A0DBE02847ED3405185CF67DA38BF8E
Heartbeat: Tor's uptime is 17:59 hours, with 17370 circuits open. I've sent 330.92 GB and received 327.63 GB.
Circuit handshake stats since last time: 25697/25697 TAP, 2762784/2762784 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 13287 v4 connections; and received 2 v1 connections, 1428 v2 connections, 2589 v3 connections, and 82690 v4 connections.
DoS mitigation since startup: 1009480 circuits rejected, 37 marked addresses. 11194 connections closed. 123 single hop clients refused.
SVnode02 4145156A89030F19F6581352028F024621F93AA4
Heartbeat: Tor's uptime is 17:59 hours, with 15093 circuits open. I've sent 295.51 GB and received 293.41 GB.
Circuit handshake stats since last time: 48546/48546 TAP, 2589921/2589921 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 14303 v4 connections; and received 5 v1 connections, 1281 v2 connections, 2297 v3 connections, and 83297 v4 connections.
DoS mitigation since startup: 3909995 circuits rejected, 45 marked addresses. 527051 connections closed. 90 single hop clients refused.
SVnode03 869B0F952905601BE1B5D8062964FA436DC3FD96
Heartbeat: Tor's uptime is 17:59 hours, with 22207 circuits open. I've sent 276.00 GB and received 277.80 GB.
Circuit handshake stats since last time: 241061/241061 TAP, 7074179/7074179 NTor.
Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 9712 v4 connections; and received 2 v1 connections, 3273 v2 connections, 4556 v3 connections, and 82336 v4 connections.
DoS mitigation since startup: 242 circuits rejected, 2 marked addresses. 12495 connections closed. 231 single hop clients refused.
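
Added example, not part of any message in this thread: the relays quoted above report "since startup" counters at very different uptimes (17:59 hours versus several days), and some operators masked digits with "x", so raw figures are hard to compare. This Python sketch pairs each "DoS mitigation since startup" line with the uptime from its heartbeat and returns per-hour rates; the sample lines and all function names are constructed for illustration.

```python
import re

UPTIME_RE = re.compile(r"Tor's uptime is (?:(\d+) days? )?(\d+):(\d+) hours")
DOS_RE = re.compile(
    r"DoS mitigation since startup: (\S+) circuits rejected, "
    r"(\S+) marked addresses\. (\S+) connections closed\. "
    r"(\S+) single hop clients refused\."
)
FIELDS = ("circuits_rejected", "marked_addresses",
          "connections_closed", "single_hop_refused")

# Constructed sample in the notice-log format shown in the thread.
SAMPLE = """\
Feb 17 08:00:00.000 [notice] Heartbeat: Tor's uptime is 4 days 6:00 hours, with 15000 circuits open. I've sent 4000.00 GB and received 3990.00 GB.
Feb 17 08:00:00.000 [notice] DoS mitigation since startup: 3060000 circuits rejected, 73 marked addresses. 3300 connections closed. 1020 single hop clients refused.
Feb 17 14:00:00.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 17000 circuits open. I've sent 330.00 GB and received 327.00 GB.
Feb 17 14:00:00.000 [notice] DoS mitigation since startup: x circuits rejected, x marked addresses. x connections closed. 2xx single hop clients refused.
""".splitlines()


def counter(token):
    """Return an int, or None when the operator masked digits (e.g. '2xx')."""
    return int(token) if token.isdigit() else None


def parse_heartbeats(lines):
    """Pair each DoS mitigation line with the uptime of the preceding heartbeat."""
    uptime_h, records = None, []
    for line in lines:
        m = UPTIME_RE.search(line)
        if m:
            days, hours, minutes = (int(g or 0) for g in m.groups())
            uptime_h = days * 24 + hours + minutes / 60
        m = DOS_RE.search(line)  # same line is checked too, for unwrapped pastes
        if m:
            rec = dict(zip(FIELDS, map(counter, m.groups())))
            rec["uptime_hours"] = uptime_h
            records.append(rec)
            uptime_h = None  # never reuse a stale uptime for a later DoS line
    return records


def per_hour(rec, field):
    """Counter divided by uptime; None if either value is masked or missing."""
    if rec[field] is None or not rec["uptime_hours"]:
        return None
    return rec[field] / rec["uptime_hours"]
```

Masked counters come back as None rather than a guessed number, so obfuscated reports are excluded from any rate comparison instead of skewing it.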