[tor-relays] DoS from my tor guard VPS

tor-admin at zumbi.com.ar tor-admin at zumbi.com.ar
Wed Nov 16 01:34:39 UTC 2016


On Tue, Nov 15, 2016 at 12:41:09PM -0800, Arisbe wrote:
> One of my tor guard relays is a medium size VPS operating in the Czech
> Republic.  It's been up and stable for several years.  Several weeks ago I
> was notified that my VPS was a source of UDP DoS traffic.  It was shut down.
> Logs showed no intrusions.
> 
> I installed a different instance of linux, changed my SSH port, added
> fail2ban and even installed clamav.  I did not make changes to the tor exit
> policy.  Then, this week I received the following:
> 
> "Hello,
> surveillance system detected a disproportionate outgoing DoS traffic on your
> VPS torexitcz and then our network under a DDoS attack. Your server
> torexitcz has been stopped. This is another problem with your VPS. Your
> service will be terminated.
> Thanks for understanding."
> 
> Can anyone offer an opinion as to how my relay was used for DoS? How can I
> avoid this in the future?  My goal, as always is to provide stable nodes to
> the tor network while protecting myself and my VPS supplier.

Are you running ntpd on the VPS? Your VPS may be being used for an NTP reflection attack.

> 
> 4061C553CA88021B8302F0814365070AAE617270
> 185.100.85.101

-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

keybase: https://keybase.io/gfa
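
One way to check the hypothesis raised in the reply above, as an added example that is not part of the original message: a small audit of an ntpd configuration for default access rules that let arbitrary hosts send it queries. The directives (`restrict`, `noquery`, `ignore`, `disable monitor`) are ntpd's own; the finding codes, the sample configurations and the `/etc/ntp.conf` path are assumptions made for this example, and all `restrict default` lines are treated alike regardless of address family.

```python
import sys

# Constructed sample: default rule answers queries from any host.
WEAK = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap   # noquery is missing
restrict 127.0.0.1
"""

# Constructed sample: queries denied by default, monitoring turned off.
HARDENED = """\
server 0.pool.ntp.org iburst
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
"""

def audit_ntp_conf(text):
    """Return a sorted list of finding codes (hypothetical names) for ntp.conf text."""
    defaults = []              # flag sets from every 'restrict default' line
    monitor_disabled = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # strip comments
        if not tokens:
            continue
        if tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
        elif tokens[0] == "restrict":
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args and args[0] == "default":
                defaults.append(set(args[1:]))
    findings = set()
    if not defaults:
        findings.add("no-default-restrict")        # ntpd then allows everything
    for flags in defaults:
        if not flags & {"noquery", "ignore"}:
            findings.add("default-allows-query")   # any host may query the daemon
    if findings and not monitor_disabled:
        findings.add("monitor-enabled")            # monitoring data is reachable
    return sorted(findings)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ntp.conf"  # assumed path
    with open(path) as fh:
        print(audit_ntp_conf(fh.read()) or "no query exposure found")
```

An empty result only says the configuration file denies queries by default; whether UDP port 123 is reachable from outside at all is a separate firewall check.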

