[tor-relays] Possible DDoS

Sebastian Urbach sebastian at urbach.org
Fri Dec 26 13:05:27 UTC 2014


On December 26, 2014 12:41:51 PM Christian Burkert <post at cburkert.de> wrote:

Hi,

> I'm running a non-exit Tor node for a few months now on a virtual server
> hosted in a professional datacenter.

Thank you!

> Yesterday, December 25th, the support wrote me, that my server is
> under a DDoS attack with 2GBit/s lasting over more than two hours. So,
> the hoster black holed my traffic to protect the other customers.

I've seen this behaviour from some ISPs before and it's rather sad. If 
something like this happens my ISP is taking care of it without disabling 
my systems. I'm just getting a note with all the technical information and 
that's it.

> The hoster wanted to know which services I'm running and told me that
> if I continue running Tor and further attacks will happen, then I
> would have to bear the costs.
> Eventually, I took down the Tor node to avoid further confrontation.

That's interesting, they gave you some info like the time and the amount 
but nothing else? Seems to me that they're pretty clueless and are fishing 
in the dark. Another reason for their behaviour could be that they want to 
get rid of you / your Tor node. Threatening customers is really sad, sounds 
like they heard the word Tor from you and then concluded "oh, then he 
basically asked for the attack".

>
> Now I seek for your interpretation of this event:
> - Has there been more recent incidents against Tor nodes?

Nothing with that magnitude on my end for weeks.

> - How can I investigate it?

You can ask your ISP for their logs regarding that attack. Do you have any 
logs on your system, maybe from an intrusion detection or anything else?

> - How should one react to a hoster? I mean they could have made up the
> whole thing...

If you are already considering this then I would recommend changing to 
another ISP, sounds like there is already some distrust.

>
> Looking forward to your comments
> Chris


-- 
Sincerely yours / Sincères salutations

Sebastian Urbach

-----------------------------------------
Definition of Tor:
10% luck, 20% skill, 15% concentrated
power of will, 5% pleasure, 50% pain and
100% reason to remember the name!
-----------------------------------------
