[tor-relays] OVH Mitigation

Ben Tasker ben at bentasker.co.uk
Thu Sep 10 07:58:40 UTC 2020


On Thu, Sep 10, 2020 at 8:48 AM Dr Gerard Bulger <gerard at bulger.co.uk>
wrote:

> I know we should dilute our dependence on OVH, but cheap and seem to
> ignore the fact the machine is an exit node.
>
> OVH has seemingly patented a system to deal with denial of service
> attacks.  I am not sure what they detect but when they do we get this:
>
> *“We have just detected an attack on IP address x.x.x.x.  In order to
> protect your infrastructure, we vacuumed up your traffic onto our
> mitigation infrastructure. The entire attack will thus be filtered by our
> infrastructure, and only legitimate traffic will reach your servers. At the
> end of the attack, your infrastructure will be immediately withdrawn from
> the mitigation”*
>
I have a server (not a relay) with OVH, and also started receiving these
recently. I raised a ticket with them to ask for more information about the
detected attack (what port/proto etc) because there are legitimate uses
that may look a bit like an attack (the boxes sit behind a CDN, so you can
end up with a lot of requests/connections from not many IPs).

Worryingly, they couldn't actually tell me - all I managed to get back was
"looks like it's a false positive". It's triggered a few times since, with
no sign of anything even remotely suspicious in my traffic graphs.

I know this doesn't really add much knowledge about what they're detecting,
but the point is more that they don't seem to be overly clear themselves.


-- 
Ben Tasker
https://www.bentasker.co.uk