[tor-relays] Recent wave of abuse on Tor guards

teor teor2345 at gmail.com
Thu Dec 21 23:25:53 UTC 2017


On 22 Dec 2017, at 10:08, Roger Dingledine <arma at mit.edu> wrote:

>>> (Connection refused; CONNECTREFUSED; count 18; recommendation warn;
>>> host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)
>>> 
>>> So - I get loads of CONNECTREFUSED whilst coming up (presumably because
>>> of the attack) and then come fully back online. 
> 
>> IMO your tor searches for guards and they are under load, gone or lost
>> their guard flag. Finally you found a guard :)
> 
> Yes, I agree. (Though if they were gone or lost their guard flag,

Gone, yes.

But don't client circuits try previously selected guards, even if they don't
have the guard flag right now?
(I know we don't re-weight guards as new consensuses arrive. I don't know
if we ignore them once they lose the guard flag.)

> you
> would not have tried them and gotten a CONNECTREFUSED. So I think they
> are all suffering from the "under load" case. Gosh.)

Yes, this is probably a lack of file descriptors, and new connections are
punished more severely than existing ones.
T

