[tor-relays] Recent wave of abuse on Tor guards
niftybunny
abuse at to-surf-and-protect.net
Fri Dec 22 07:25:00 UTC 2017
Still under heavy attack even with the MaxMemInQueues and 0.3.2.8-rc. I need 2 xeons to push 30 mbit as a guard/middle …
Markus
> On 22. Dec 2017, at 00:25, teor <teor2345 at gmail.com> wrote:
>
>
> On 22 Dec 2017, at 10:08, Roger Dingledine <arma at mit.edu> wrote:
>
>>>> (Connection refused; CONNECTREFUSED; count 18; recommendation warn;
>>>> host DAC825BBF05D678ABDEA1C3086E8D99CF0BBF112 at 185.73.220.8:443)
>>>>
>>>> So - I get loads of CONNECTREFUSED whilst coming up (presumably because
>>>> of the attack) and then come fully back online.
>>
>>> IMO your tor searches for guards and they are under load, gone or lost
>>> their guard flag. Finally you found a guard :)
>>
>> Yes, I agree. (Though if they were gone or lost their guard flag,
>
> Gone, yes.
>
> But don't client circuits try previously selected guards, even if they don't
> have the guard flag right now?
> (I know we don't re-weight guards as new consensuses arrive. I don't know
> if we ignore them once they lose the guard flag.)
>
>> you
>> would not have tried them and gotten a CONNECTREFUSED. So I think they
>> are all suffering from the "under load" case. Gosh.)
>
> Yes, this is probably a lack of file descriptors, and new connections are
> punished more severely than existing ones.
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171222/62d6ac36/attachment.html>
More information about the tor-relays
mailing list