[tor-relays] Recent wave of abuse on Tor guards
Tyler Johnson
tylrcjhnsn at gmail.com
Fri Dec 22 15:23:52 UTC 2017
Every IP I was checking through Atlas which are part of the mentioned hosts
were NOT relays, all client connections.
On Dec 22, 2017 9:20 AM, "niftybunny" <abuse at to-surf-and-protect.net> wrote:
> Thats “only” “relays” with multiple connections to your relay?
> Interesting to see Hetzner there …
>
> Markus
>
>
> On 22. Dec 2017, at 16:14, Tyler Johnson <tylrcjhnsn at gmail.com> wrote:
>
> Out off 133 IPs blocked with my rather aggressive firewall ruleset:
>
> leaseweb.com - 26
> your-server.de - 66
> ip-54-36-51.eu - 17
>
> That was in < 24hrs.
>
> On Dec 22, 2017 3:38 AM, "niftybunny" <abuse at to-surf-and-protect.net>
> wrote:
>
>> Short answer:
>>
>> https://i.imgur.com/8QLptcz.png
>>
>> Around 15000 - 18000 connections I can see with netstat. Even my 300 mbit
>> exit has less and there a a lot of Leaseweb clients connecting to me ...
>> The interesting thing is, it comes and goes in waves. From 6000 (normal)
>> to 20000 connections within an hour.
>> Someone doesn't like me very much :(
>>
>> Markus
>>
>>
>>
>> On 22. Dec 2017, at 08:42, Felix <zwiebel at quantentunnel.de> wrote:
>>
>> Am 22-Dec-17 um 08:25 schrieb niftybunny:
>>
>> Still under heavy attack even with the MaxMemInQueues and 0.3.2.8-rc. I
>> need 2 xeons to push 30 mbit as a guard/middle …
>>
>>
>> Do you want to share some information:
>>
>> Type i)
>> (memory exhaustion by too many circuits)
>> What is the memory(top) per tor and its MaxMemInQueues ?
>> How many circuits per hour in log ?
>>
>> Type ii)
>> (cpu exhaustion by too many 'half open' tor connections)
>> Is your number of open files normal (fw in place) and moderate
>> connection counts per remote IP ?
>>
>> Type iii)
>> (One fills your server with too many long fat pipes, first ACK and RTT)
>> If on Freebsd, is "mbuf clusters in use" (netstat -m) moderate ?
>> Do you get "kern.ipc.nmbclusters limit reached" in messages ?
>>
>> --
>> Cheers, Felix
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171222/6f21eff8/attachment-0001.html>
More information about the tor-relays
mailing list