[tor-relays] DDoS attack on relay

Markus Koch niftybunny at googlemail.com
Tue Jan 26 20:10:38 UTC 2016


Not today, but it happens quite often ....

I get nice abuse mails like this:

Direction IN
Internal 188.40.99.164
Threshold PacketsDiff 200.000 packets/s, Diff: 475.160 packets/s
Sum 142.643.000 packets/300s (475.476 packets/s), 5 flows/300s (0
flows/s), 198,002 GByte/300s (5.406 MBit/s)
External 185.21.xxx.xxx, 142.642.000 packets/300s (475.473 packets/s),
4 flows/300s (0 flows/s), 198,002 GByte/300s (5.406 MBit/s)

xxx out the attacker's IP. :)



2016-01-26 20:32 GMT+01:00 Green Dream <greendream848 at gmail.com>:
> My hosting provider alerted me of a DDoS attack on one of my relays. It
> started around 2016-01-26 12:42 UTC. They claim they tried "filtering,
> routing, and network configuration changes" to mitigate the attack, but as a
> last resort they temporarily disconnected the host from the network for 3
> hours.
>
> I know such attacks are not uncommon, but I'm curious if any other operators
> experienced a DDoS around the same time?
>
> I'm also curious to know more about the nature of such attacks -- what type
> of attack was it, what is the general end goal of attacking a random Tor
> (non-exit) relay, etc. My hosting provider is unable or unwilling to share
> additional information.

