Re: [tor-relays] DDOS mitigation with nftables
* Top:

> The script failed on my server, complaining that the `iptables` command
> couldn't be found (and no rules had been applied).

You provided too little information to offer detailed advice. Best not to interpret error messages if you can post actual logs instead. Generally speaking, your problems might be related to your PATH variable content during script execution. You also may find [1] generally useful.

[1] https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

> So how can I apply proper DDOS protection firewall rules whilst using
> `nftables`? Is there some easy way to modify the script to make it
> work?

The question of difficulty depends on your personal knowledge and skills. Based on your own assessment, meddling with Kernel routing tables might be beyond your current level of experience. You can sabotage your server's operation and lock yourself out, so I urge you to get comfortable with the whole subject in a test environment with backup console access, before taking on a remote production server.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
* Pierre Bourdon:

> A few hours ago I received a forwarded abuse report from Hetzner for
> one of my machines running a Tor relay (not exit). Some random ISP was
> claiming I was sending SSH connections to them [...]

Same here. Middle relay, automated abuse report forwarded by Hetzner, for alleged scans of TCP port 22 across several related IPv4 class-C networks. I wondered if that was a mistake on the reporting third party's end, but given that I am not the only one, it seems there is more to it.

-Ralph
[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22
* Roger Dingledine:

> We should expect some more days of fallout, while mistaken abuse
> complaints are still being processed by various hosters.

You called it. Mere minutes ago, Hetzner forwarded another complaint, for a grand total of 9 (yes, nine, what a gruesome level of abuse) spoofed connection attempts over the course of November 5 and 6. The destination addresses were part of the known class C subnets already reported here, and the source of the complaint was of course the tireless dolts at watchdogcyberdefense.com.

Unsurprisingly, I can't tell if Hetzner is not done processing old complaints, or if the complaining party is still generating fresh mail based on their accumulated backlog.

Apart from that: My thanks to everybody who helped clamp down on this.

-Ralph