[tor-relays] outgoing UDP flooding on middle relay

pa011 pa011 at web.de
Mon Aug 1 13:26:18 UTC 2016


I am off for a couple of hours - if I can give some more information or
ask my ISP for something later on, please let me know.

What should I do to stop this in the future and get the restrictions off
from my ISP?

Thanks
Paul

On 01.08.2016 at 15:17, Markus Koch wrote:
> If this is a SYN flood or any other DDoS attack on his VPS, the Tor server would not relay the attack, and in and outgoing traffic would be vastly different.
> 
> Sent from my iPad
> 
>> On 01 Aug 2016, at 15:12, teor <teor2345 at gmail.com> wrote:
>>
>>
>>> On 1 Aug 2016, at 23:08, Markus Koch <niftybunny at googlemail.com> wrote:
>>>
>>> Looks like DoS/DDoS. Is it even possible to DDoS over Tor?
>>
>> It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder).
>> All an attacker needs is the server's IP address, which is publicly available in the Tor consensus.
>> Then they can attack the relay from the Internet.
>>
>> There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't tunnel UDP, so it's unlikely to be the culprit.
>>
>> Tim
>>
>>>
>>>
>>> 2016-08-01 15:04 GMT+02:00 pa011 <pa011 at web.de>:
>>>> Yes, about the same - sorry for the page break, I don't get it solved in my
>>>> Thunderbird
>>>>
>>>> h    rx (KiB)    tx (KiB)    h    rx (KiB)    tx (KiB)    h    rx (KiB)    tx (KiB)
>>>> 23   6.559.929   6.748.215   07   4.697.285   4.845.893   15  35.106.193  35.833.114
>>>> 00   5.129.384   5.289.456   08  12.317.567  12.605.726   16           0           0
>>>> 01   3.709.181   3.843.988   09  14.913.172  15.278.079   17           0           0
>>>> 02   4.405.017   4.574.745   10  22.218.874  22.738.508   18     102.138     144.732
>>>> 03   4.670.091   4.817.785   11  25.700.571  26.306.505   19     275.999     340.633
>>>> 04   4.711.807   4.853.921   12  32.840.796  33.571.996   20     271.278     382.087
>>>> 05   4.269.354   4.408.417   13  32.910.527  33.637.092   21     263.147     383.444
>>>> 06   5.279.142   5.443.890   14  40.052.678  40.824.138   22     176.040     258.865
>>>>
>>>>
>>>>> On 01.08.2016 at 14:51, Markus Koch wrote:
>>>>> In and outgoing traffic is the same size?
>>>>>
>>>>>
>>>>>
>>>>> 2016-08-01 14:44 GMT+02:00 pa011 <pa011 at web.de>:
>>>>>> The ISP didn’t mention - I would have to ask.
>>>>>>
>>>>>> What I saw was that the traffic was up about linear from usually 30Mbits
>>>>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and
>>>>>> dropping.
>>>>>>
>>>>>>
>>>>>>> On 01.08.2016 at 14:36, Markus Koch wrote:
>>>>>>> How many packets per second?
>>>>>>>
>>>>>>> Markus
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa011 at web.de>:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> one of my middle relays got auto limited by the ISP because of
>>>>>>>> "outgoing UDP flooding".
>>>>>>>>
>>>>>>>> The VPS is pure Debian 8, fail2ban, pub key and nothing else installed -
>>>>>>>> so I highly doubt the given reason for the traffic limitation.
>>>>>>>> Also I can't find anything in the log files.
>>>>>>>>
>>>>>>>> Anybody having experience with such an issue?
>>>>>>>> What to check for please?
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> tor-relays mailing list
>>>>>>>> tor-relays at lists.torproject.org
>>>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> Tim Wilson-Brown (teor)
>>
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmmp: teor at torproject dot org
>>
> 
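One way to check the ISP's claim from the host itself, given teor's point that Tor does not tunnel UDP (an added example, not part of the original thread): compare two snapshots of the kernel's `/proc/net/snmp` counters and see how many UDP datagrams the box actually sends next to its TCP segments. The sample snapshots are constructed and abbreviated, and the 50 packets/s threshold and the function names are assumptions for illustration.

```python
# Added example: outbound UDP vs TCP packet rates from two snapshots of
# /proc/net/snmp (IPv4 counters; IPv6 counters live in /proc/net/snmp6).

def _snapshot(tcp_out_segs, udp_out):
    """Constructed, abbreviated /proc/net/snmp excerpt (sample data, not from the thread)."""
    return (
        "Tcp: RtoAlgorithm RtoMin RtoMax MaxConn InSegs OutSegs RetransSegs\n"
        f"Tcp: 1 200 120000 -1 910000000 {tcp_out_segs} 120000\n"
        "Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors\n"
        f"Udp: 48210 95 0 {udp_out} 0 0\n"
    )

T0 = _snapshot(935_000_000, 47_990)           # first reading
T1_NORMAL = _snapshot(935_150_000, 48_010)    # 10 s later, relay traffic only
T1_FLOOD = _snapshot(935_150_000, 1_247_990)  # 10 s later, host is emitting UDP

def parse_snmp(text):
    """Return {protocol: {field: value}}; each protocol has a name line then a value line."""
    names, counters = {}, {}
    for line in text.splitlines():
        proto, sep, rest = line.partition(":")
        if not sep:
            continue
        cols = rest.split()
        if proto not in names:
            names[proto] = cols
        else:
            counters[proto] = dict(zip(names[proto], map(int, cols)))
    return counters

def outbound_rates(before, after, seconds):
    """Packets per second sent over UDP and TCP between the two snapshots."""
    a, b = parse_snmp(before), parse_snmp(after)
    udp = (b["Udp"]["OutDatagrams"] - a["Udp"]["OutDatagrams"]) / seconds
    tcp = (b["Tcp"]["OutSegs"] - a["Tcp"]["OutSegs"]) / seconds
    total = udp + tcp
    return {"udp_pps": udp, "tcp_pps": tcp,
            "udp_fraction": udp / total if total else 0.0}

def looks_like_udp_flood(rates, max_udp_pps=50.0):
    """Assumed threshold: a relay-only host sends little UDP (DNS, NTP)."""
    return rates["udp_pps"] > max_udp_pps

if __name__ == "__main__":
    import time
    def read():
        with open("/proc/net/snmp") as fh:
            return fh.read()
    first = read()
    time.sleep(10)
    rates = outbound_rates(first, read(), 10)
    print(rates, "UDP flood suspected" if looks_like_udp_flood(rates) else "UDP looks normal")
```

A low UDP rate next to a high TCP rate on the relay is evidence to take back to the ISP; a high UDP rate means the host itself needs to be examined for whatever process is sending it.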

