[tor-relays] Recent wave of abuse on Tor guards

Pascal Terjan pterjan at gmail.com
Fri Dec 22 15:49:54 UTC 2017


I also got 17 from OVH (under ip-54-36-51.eu) and plenty of
leaseweb.com (didn't count) too, but no your-server.de

The OVH ones were interestingly 2 (nearby) consecutive blocks of 4 and
13 IPs (and are not relays)


On 22 December 2017 at 15:23, Tyler Johnson <tylrcjhnsn at gmail.com> wrote:
> Every IP I was checking through Atlas which are part of the mentioned hosts
> were NOT relays, all client connections.
>
> On Dec 22, 2017 9:20 AM, "niftybunny" <abuse at to-surf-and-protect.net> wrote:
>>
>> That's “only” “relays” with multiple connections to your relay?
>> Interesting to see Hetzner there …
>>
>> Markus
>>
>>
>> On 22. Dec 2017, at 16:14, Tyler Johnson <tylrcjhnsn at gmail.com> wrote:
>>
>> Out of 133 IPs blocked with my rather aggressive firewall ruleset:
>>
>> leaseweb.com - 26
>> your-server.de - 66
>> ip-54-36-51.eu - 17
>>
>> That was in < 24hrs.
>>
>> On Dec 22, 2017 3:38 AM, "niftybunny" <abuse at to-surf-and-protect.net>
>> wrote:
>>>
>>> Short answer:
>>>
>>> https://i.imgur.com/8QLptcz.png
>>>
>>> Around 15000 - 18000 connections I can see with netstat. Even my 300 mbit
>>> exit has less and there are a lot of Leaseweb clients connecting to me ...
>>> The interesting thing is, it comes and goes in waves. From 6000 (normal)
>>> to 20000 connections within an hour.
>>> Someone doesn't like me very much :(
>>>
>>> Markus
>>>
>>>
>>>
>>> On 22. Dec 2017, at 08:42, Felix <zwiebel at quantentunnel.de> wrote:
>>>
>>> On 22-Dec-17 at 08:25, niftybunny wrote:
>>>
>>> Still under heavy attack even with the MaxMemInQueues and 0.3.2.8-rc. I
>>> need 2 xeons to push 30 mbit as a guard/middle …
>>>
>>>
>>> Do you want to share some information:
>>>
>>> Type i)
>>> (memory exhaustion by too many circuits)
>>> What is the memory(top) per tor and its MaxMemInQueues ?
>>> How many circuits per hour in log ?
>>>
>>> Type ii)
>>> (cpu exhaustion by too many 'half open' tor connections)
>>> Is your number of open files normal (fw in place) and moderate
>>> connection counts per remote IP ?
>>>
>>> Type iii)
>>> (One fills your server with too many long fat pipes, first ACK and RTT)
>>> If on FreeBSD, is "mbuf clusters in use" (netstat -m) moderate ?
>>> Do you get "kern.ipc.nmbclusters limit reached" in messages ?
>>>
>>> --
>>> Cheers, Felix
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
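The per-remote-IP connection count asked about in the thread, and the grouping of noisy clients into consecutive address blocks, can be checked as follows. This is an added example, not code from any poster: it assumes the column layout of `ss -tn` rather than netstat, the sample lines are constructed from documentation address ranges, and the threshold is an arbitrary illustrative value.

```python
import ipaddress
from collections import Counter

def _line(peer, port):
    # One constructed row in `ss -tn` layout (State Recv-Q Send-Q Local Peer).
    return f"ESTAB 0 0 203.0.113.5:9001 {peer}:{port}"

# Constructed sample: three adjacent clients and one lone client with 3
# connections each, one normal client, one non-established socket.
SAMPLE = "\n".join(
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    + [_line(f"192.0.2.{h}", 40000 + i) for h in (10, 11, 12) for i in range(3)]
    + [_line("198.51.100.7", 41000 + i) for i in range(3)]
    + [_line("192.0.2.50", 42000),
       "TIME-WAIT 0 0 203.0.113.5:9001 192.0.2.60:43000"]
)

def per_ip_counts(text):
    """Count established TCP connections per remote IPv4 address."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header row or socket not in established state
        host = fields[4].rsplit(":", 1)[0]
        try:
            counts[ipaddress.IPv4Address(host)] += 1
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed peer: out of scope for this sketch
    return counts

def consecutive_blocks(ips):
    """Group addresses into runs of numerically adjacent IPs."""
    blocks = []
    for ip in sorted(ips):
        if blocks and int(ip) - int(blocks[-1][-1]) == 1:
            blocks[-1].append(ip)
        else:
            blocks.append([ip])
    return blocks

def report(text, threshold=2):
    """Return (first, last, size) for each block of IPs above the threshold."""
    counts = per_ip_counts(text)
    noisy = [ip for ip, n in counts.items() if n > threshold]
    return [(str(b[0]), str(b[-1]), len(b)) for b in consecutive_blocks(noisy)]

if __name__ == "__main__":
    for first, last, size in report(SAMPLE):
        print(f"{first} - {last}: {size} address(es) above threshold")
```

On a live relay, feed the function the text output of `ss -tn` instead of `SAMPLE`.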

