another DirPort DoS attacker

John Brooks aspecialj at gmail.com
Tue Sep 2 15:44:14 UTC 2008


That is odd; I don't see what purpose a DoS against a specific
directory/node would serve (unless you were specifically attacking a
connection routed through that node, or trying to use latency attacks). Is
it an exit node? Could be retaliation from something a user did through your
node by someone who doesn't understand tor, although choosing the directory
port is a bit strange.

Another option would be that it's completely unrelated to tor. What port is
your directory on? If it's a common service/proxy port, it could be some
exploit attempt or similar getting confused. It's a bit worrying if someone
cares about attacking tor itself that much, in an abstract way.

Chances are it's nothing too worrisome, though.

- John Brooks

On Tue, Sep 2, 2008 at 7:20 AM, Scott Bennett <bennett at cs.niu.edu> wrote:

>     A short time ago, I found that 212.205.53.212 had several hundred open
> TCP connections to my tor server's DirPort, and very little relay traffic
> seemed to be getting past all of that.  I've now taken steps to prevent
> such
> connections from that IP address.  (That IP address has the hame
> sahrsmtp03.cosmote.gr.)  Other tor server operators may (or may not) wish
> to
> follow suit.
>
>
>                                  Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080902/57f23955/attachment.htm>


More information about the tor-talk mailing list