[tor-relays] DDOS?
Matthew Finkel
matthew.finkel at gmail.com
Sun Dec 30 02:44:35 UTC 2012
On Sat, Dec 29, 2012 at 11:44:29PM +0000, mick wrote:
> On Sat, 29 Dec 2012 22:07:59 +0000
> mick <mbm at rlogin.net> allegedly wrote:
> >
> > I shut tor down while I investigated and when running nethogs I
> > noticed a shed load of attempted connections to my tor port (443) from
> > non-tor addresses. A snapshot is at
> > http://rlogin.net/tor/incoming.png
> >
> > Anyone else seeing anything similar? I can't believe I'm the only node
> > being poked.
>
> On further investigation, I think many of those addresses are likely
> to be tor related, possibly clients attempting to join tor through my
> node.
>
> How long does it take from the time a node is shut down to the point
> where no-one will attempt to connect through it?
>
> Mick
Hi Mick,
Technically clients will attempt to use your node until the majority of
the directory authorities agree your node is no longer reachable (should not
take more than a little over 1 hour, assuming I understand the code
correctly) plus 3 hours (a client considers a consensus valid for at most 3
hours), so roughly 4 hours. However, because some clients have incorrectly
set clocks, connections will most likely trickle in past this point. I
think after 5 hours no valid clients should still try to connect.
HTH,
Matt
More information about the tor-relays
mailing list