[tor-relays] ISP thinks a relay is under attack from other relays

Stefan Spühler lists at stefan-spuehler.org
Wed Dec 7 11:03:23 UTC 2011


Hi,

This is a "known" problem of the Hetzner IDS; I also got one yesterday on
my 60Mbit/s middle node. It often produces false positives with funny
values, e.g. 50Gbit/s outgoing traffic on a 100Mbit/s switch port. Check
your local network stats; I am pretty sure they won't show you anything
special.

Sincerely,
Stefan Spühler

On 07.12.2011 00:17, Daniel Bryg wrote:
> Hi,
> 
> This is mostly just an interesting anecdote but there are also a few
> questions.
> 
> Hetzner informed us (see below) about an attack on our relay (not an
> exit). It looks like it's just normal traffic from other relays so all
> is good, but the switch sees incoming activity almost 3x higher than
> what comes in on the server's interface (90Mbit/s, 13k packets/s). If
> most of the packets are dropped, it must affect the performance of Tor
> connections.
> 
> Is this because the Tor network is overwhelmed with traffic and are all
> relays subject to much higher requested traffic than their limits?
> 
> Thanks,
> 
> Daniel.
> 
> 
> Direction IN
> Threshold Traffic 200 MBit/s
> Sum 8,828 GByte/300s (241 MBit/s), 9.436.000 packets/300s (31.453
> packets/s), 317 flows/300s (1 flows/s)
> 
> 
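An added example (not part of either message, and not Hetzner's tooling): one way to sanity-check a report in this layout before acting on it, by parsing the entries, recomputing the bit rate from the byte count, and comparing it with the port speed and with a locally measured rate. The `External` entry and the 100 MBit/s port speed are assumptions made for the example; the `Sum` entry and the 90 Mbit/s local figure are taken from the original message.

```python
import re

# Constructed sample in the report's layout. The "Sum" entry is the one quoted
# in the thread; the "External" entry is made up (documentation address).
SAMPLE = """\
> Threshold Traffic 200 MBit/s
> Sum 8,828 GByte/300s (241 MBit/s), 9.436.000 packets/300s (31.453
> packets/s), 317 flows/300s (1 flows/s)
> External 192.0.2.10, 0,444 GByte/300s (12 MBit/s), 341.000
> packets/300s (1.136 packets/s), 1 flows/300s (0 flows/s)
"""

ENTRY = re.compile(
    r"(?:Sum|External (?P<ip>[\d.]+),) (?P<gb>[\d.,]+) GByte/(?P<secs>\d+)s "
    r"\((?P<mbit>[\d.]+) MBit/s\), (?P<pkts>[\d.]+) packets/\d+s")

def de_num(s):
    """'9.436.000' -> 9436000.0, '8,828' -> 8.828 (German digit grouping)."""
    return float(s.replace(".", "").replace(",", "."))

def parse_report(text):
    # Undo mail quoting and line wrapping before matching.
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    entries = []
    for m in ENTRY.finditer(flat):
        entries.append({
            "source": m["ip"] or "Sum",
            "reported_mbit": de_num(m["mbit"]),
            # Assumption: 1 GByte = 1024 MByte, the factor that reproduces
            # the MBit/s figures printed in the report.
            "recomputed_mbit": de_num(m["gb"]) * 1024 * 8 / int(m["secs"]),
            "packets": int(de_num(m["pkts"])),
        })
    return entries

def implausible(entries, port_mbit):
    """Sources whose rate exceeds the port speed or whose own figures disagree."""
    return [e["source"] for e in entries
            if e["recomputed_mbit"] > port_mbit
            or abs(e["recomputed_mbit"] - e["reported_mbit"]) > 1.0]

def ratio_to_local(entries, local_mbit):
    """How many times the reported total exceeds what the host itself measured."""
    total = next(e for e in entries if e["source"] == "Sum")
    return total["recomputed_mbit"] / local_mbit

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print(implausible(report, port_mbit=100), round(ratio_to_local(report, 90), 1))
```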