[tor-relays] Recent wave of abuse on Tor guards
niftybunny
abuse at to-surf-and-protect.net
Fri Dec 22 15:19:56 UTC 2017
Thats “only” “relays” with multiple connections to your relay?
Interesting to see Hetzner there …
Markus
> On 22. Dec 2017, at 16:14, Tyler Johnson <tylrcjhnsn at gmail.com> wrote:
>
> Out off 133 IPs blocked with my rather aggressive firewall ruleset:
>
> leaseweb.com <http://leaseweb.com/> - 26
> your-server.de <http://your-server.de/> - 66
> ip-54-36-51.eu <http://ip-54-36-51.eu/> - 17
>
> That was in < 24hrs.
>
> On Dec 22, 2017 3:38 AM, "niftybunny" <abuse at to-surf-and-protect.net <mailto:abuse at to-surf-and-protect.net>> wrote:
> Short answer:
>
> https://i.imgur.com/8QLptcz.png <https://i.imgur.com/8QLptcz.png>
>
> Around 15000 - 18000 connections I can see with netstat. Even my 300 mbit exit has less and there a a lot of Leaseweb clients connecting to me ...
> The interesting thing is, it comes and goes in waves. From 6000 (normal) to 20000 connections within an hour.
> Someone doesn't like me very much :(
>
> Markus
>
>
>
>> On 22. Dec 2017, at 08:42, Felix <zwiebel at quantentunnel.de <mailto:zwiebel at quantentunnel.de>> wrote:
>>
>> Am 22-Dec-17 um 08:25 schrieb niftybunny:
>>> Still under heavy attack even with the MaxMemInQueues and 0.3.2.8-rc. I
>>> need 2 xeons to push 30 mbit as a guard/middle …
>>
>> Do you want to share some information:
>>
>> Type i)
>> (memory exhaustion by too many circuits)
>> What is the memory(top) per tor and its MaxMemInQueues ?
>> How many circuits per hour in log ?
>>
>> Type ii)
>> (cpu exhaustion by too many 'half open' tor connections)
>> Is your number of open files normal (fw in place) and moderate
>> connection counts per remote IP ?
>>
>> Type iii)
>> (One fills your server with too many long fat pipes, first ACK and RTT)
>> If on Freebsd, is "mbuf clusters in use" (netstat -m) moderate ?
>> Do you get "kern.ipc.nmbclusters limit reached" in messages ?
>>
>> --
>> Cheers, Felix
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171222/0f2d0773/attachment.html>
More information about the tor-relays
mailing list