[tor-relays] Bridge Sees 100x Clients Starting 2019-08-31

[Porcelain Mouse]

On Wed, 18 Sep 2019 12:11, Philipp Winter wrote:
> On Mon, Sep 16, 2019 at 12:25:03PM -0700, Porcelain Mouse wrote:
>> 1) Can we be pretty sure the bulk of this sudden increase in users is 
>> abuse traffic?  If not, is this a problem?
>
> Are most of your new clients from Iran?  We believe that some popular 
> third-party software started using our bridges, causing these spikes.

Funny story...my ISP forced an IP changed on me yesterday.  Now I'm not 
getting any traffic at all.  From a recent thread on this list, I 
understand that it could take a while to get back to normal.  But, in any 
case, I cannot check, now.  I'll keep that in mind, though, if I get 
blasted again.

> >> 2)What should I do about it, if anything?
> There's not much to do at this point.  If this is becoming a burden for 
> your bridge, you could change its port(s), which may get rid of these 
> third-party users -- at least temporarily.

Okay, thanks for that suggestion.  I will keep that in my bag of tricks 
for the future.  I didn't know that could slow down attacks.

>> 3) Would using obfuscation help this problem?
>
> I'm not sure what protocols this third-party software uses.  Since 
> you're asking, I assume your bridge only runs vanilla Tor?

I run RPM-base distro and would prefer to stick with packages I can get 
easily.  But, I could build tor for myself, if it came to that.  I was 
specifically thinking of obsf4 when I asked this question, but I only 
looked into it, briefly, and don't know exactly how it works.  I seems 
like it answers connections for tor, ala inetd and tcp wrappers, and you 
can just add it to your torrc. Is that not right?  Anyway, I guess it 
doesn't matter, the issue has passed.  I just saw your call for obsf4 and 
couldn't figure out what it does that is useful to the project.  I want my 
node to be useful.

P.S. Sorry about misspelling your name.

-- 
PMouse