Alex Xu wrote:
> Quoting Felix (2017-12-11 17:07:30), as excerpted
> > Hi Alex
> >
> > Great points.
> >
> > > conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
> >
> > On FreeBSD one can do:
> >
>
> yeah, the optimal rule would ban "bad IPs" after some
Hi,
Since October 2017, a majority of directory authorities check relay IPv6
ORPorts.
If your relay is configured with an IPv6 ORPort:
ORPort [IPv6]:Port
and it is not reachable over IPv6, it will be excluded from the consensus.
This can happen if the address is wrong, or the IPv6 routing is w
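One way to check the condition teor describes from a host that has IPv6 connectivity, as an added example that is not tor's or the thread's own code: it pulls IPv6 ORPort lines out of a torrc, skips addresses no directory authority could ever connect to (wildcard, loopback, link-local, unique-local, multicast), and attempts a TCP connect to the rest. The function names and that skip list are my assumptions. Run it from somewhere other than the relay itself, since a local connect says nothing about whether the address is routed from outside.

```python
"""Check that the IPv6 ORPort a relay advertises is reachable over IPv6.

Added example, not tor's or the thread's own code. It reads ORPort lines
from torrc text, skips addresses that cannot be reached from the outside
(wildcard, loopback, link-local, unique-local, multicast), and attempts a
TCP connect to the rest. Function names are mine.
"""
import ipaddress
import re
import socket

# "ORPort [2001:db8::1]:9001", optionally followed by flags such as IPv6Only.
# Lines with only a port, or with an IPv4 address, are not matched.
_ORPORT_V6 = re.compile(r"^\s*ORPort\s+\[([0-9A-Fa-f:.]+)\]:(\d+)", re.MULTILINE)
_ULA = ipaddress.IPv6Network("fc00::/7")


def ipv6_orports(torrc_text):
    """Return [(address, port), ...] for every IPv6 ORPort line in torrc_text."""
    found = []
    for m in _ORPORT_V6.finditer(torrc_text):
        try:
            ipaddress.IPv6Address(m.group(1))
        except ValueError:
            continue  # bracketed but not an IPv6 literal: ignore
        found.append((m.group(1), int(m.group(2))))
    return found


def externally_routable(address):
    """False for addresses a directory authority could never connect to."""
    addr = ipaddress.IPv6Address(address)
    return not (addr.is_unspecified or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr in _ULA)


def orport_reachable(address, port, timeout=5.0):
    """True if a TCP handshake to [address]:port completes within timeout."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
            return True
    except OSError:
        return False


def probe_orports(torrc_text, timeout=5.0, probe=orport_reachable):
    """Classify each IPv6 ORPort as 'reachable', 'unreachable' or 'unroutable'.

    `probe` is injectable so the logic can be exercised without a network.
    A relay whose IPv6 ORPort comes back 'unreachable' is the case teor
    describes: the authorities will leave it out of the consensus.
    """
    results = []
    for address, port in ipv6_orports(torrc_text):
        if not externally_routable(address):
            status = "unroutable"
        else:
            status = "reachable" if probe(address, port, timeout) else "unreachable"
        results.append((address, port, status))
    return results


if __name__ == "__main__":
    import sys
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/tor/torrc") as fh:
        for address, port, status in probe_orports(fh.read()):
            print(f"[{address}]:{port} {status}")
```

The check is a plain TCP connect, not a tor handshake, so it tells you whether packets get to the ORPort over IPv6; it does not tell you the reachability test of the authorities will pass for any other reason.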
teor:
>> Chad MILLER:
>>> Torix, that's still true. Snaps restrict syscalls so tightly that switching
>>> users is not possible.
>>
>> Is it possible to start tor with a non-root user directly (without using
>> tor's user parameter to drop privileges)?
>
> Yes, but you must pre-configure tor's d
Hi Alex,
> This attack appears to be malicious to me. It seems to work like this:
> 1. Open many OR connections (hundreds to thousands)
> 2. Leave open until tor runs out of sockets
> Tor presently waits for the connections to time out, which takes 3-4.5
> minutes. It should instead more aggress
Quoting Felix (2017-12-11 17:07:30), as excerpted
> Hi Alex
>
> Great points.
>
> > conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
>
> On FreeBSD one can do:
>
yeah, the optimal rule would ban "bad IPs" after some threshold of
connections, like "if one
I am getting these warnings, not very often, and the exit (restricted) is
working well otherwise:
"Dec 11 18:07:23.000 [warn] Tried to establish rendezvous on non-OR circuit with purpose Acting as rendevous (pending)"
Some posts about this elsewhere hinted this warning could be caused by attack
Hi Alex
Great points.
> conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
On FreeBSD one can do:
In packetfilter:
# play with the numbers but more than 64k per ip if possible
set limit { frags 7, src-nodes 7, states 7, table-entries 10 }
tab
On Mon, December 11, 2017 1:40 pm, Alex Xu wrote:
> tl;dr: run this:
>
> conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
Thanks for the detailed analysis.
> ignore numbers less than 10. the remaining output should consist of the
> following:
...
> are not N
tl;dr: run this:
conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n
ignore numbers less than 10. the remaining output should consist of the
following:
1. your IP
2. LeaseWeb and Online.net IPs (use rDNS and whois)
3. mobile networks
block IPs in set 2 from acces
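The triage Alex describes, and the per-source threshold he mentions in his later reply, carried out in Python instead of the shell pipeline so it can be tested against constructed data (an added example, not code from the thread; the sample lines, the function names and the iptables rule shape are my assumptions). The parser keys on the first src=/dport= pair of each `conntrack -L` line, which is the original direction and is what awk's `$5` picks up, so the counts match the pipeline's. The rDNS/whois split between hosting ranges and mobile carriers stays a manual step.

```python
"""Per-source connection counts to the ORPort from `conntrack -L` output.

Added example, not part of the original thread: a Python version of the
`conntrack -L -p tcp --dport 9001 | awk '{print $5}' | sort | uniq -c | sort -n`
pipeline, with the same default threshold of 10. Sample lines below are
constructed, not captured from a relay.
"""
import collections
import re

# A conntrack -L line carries two src/dst/sport/dport groups: the original
# direction first, then the reply direction.  awk's $5 is the original src=.
_KV = re.compile(r"(\w+)=(\S+)")
_PROTO_NUM = {"tcp": 6, "udp": 17}


def parse_conntrack_line(line):
    """Return (proto, state, orig) with orig = {src, dst, sport, dport}, else None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    proto = fields[0]
    state = fields[3] if proto == "tcp" else ""   # udp/icmp lines have no state column
    orig = {}
    for key, value in _KV.findall(line):
        if key in ("src", "dst", "sport", "dport") and key not in orig:
            orig[key] = value                     # first copy = original direction
    if len(orig) < 4:
        return None
    return proto, state, orig


def connections_per_source(lines, dport=9001, proto="tcp"):
    """Count flows per original source address, as `sort | uniq -c` would."""
    counts = collections.Counter()
    for line in lines:
        parsed = parse_conntrack_line(line)
        if parsed and parsed[0] == proto and parsed[2]["dport"] == str(dport):
            counts[parsed[2]["src"]] += 1
    return counts


def suspects(lines, dport=9001, threshold=10):
    """Sources with >= threshold flows to dport, busiest first.

    This is the "ignore numbers less than 10" step.  The list still contains
    the relay's own address and carrier NAT ranges; deciding which entries are
    hosting-provider ranges (rDNS/whois) is a manual step the thread leaves
    to the operator.
    """
    counts = connections_per_source(lines, dport=dport)
    return sorted(((ip, n) for ip, n in counts.items() if n >= threshold),
                  key=lambda item: (-item[1], item[0]))


def drop_rule(ip, dport=9001):
    """One way to block a source (assumed iptables form, not from the thread)."""
    return f"iptables -I INPUT -p tcp --dport {dport} -s {ip} -j DROP"


def sample_conntrack_output():
    """Constructed sample: 12 flows from a hosting IP, 2 from another, plus noise."""
    relay = "198.51.100.9"

    def flow(proto, state, src, sport, dport):
        state_col = f"{state} " if state else ""
        return (f"{proto}      {_PROTO_NUM[proto]} 431999 {state_col}src={src} dst={relay} "
                f"sport={sport} dport={dport} src={relay} dst={src} "
                f"sport={dport} dport={sport} [ASSURED] mark=0 use=1")

    lines = [flow("tcp", "ESTABLISHED", "203.0.113.7", 40000 + i, 9001) for i in range(12)]
    lines.append(flow("tcp", "ESTABLISHED", "192.0.2.44", 51000, 9001))
    lines.append(flow("tcp", "TIME_WAIT", "192.0.2.44", 51001, 9001))
    lines.append(flow("tcp", "ESTABLISHED", "192.0.2.44", 51002, 22))   # not the ORPort
    lines.append(flow("udp", "", "203.0.113.7", 53, 9001))              # not tcp
    return lines


if __name__ == "__main__":
    # On a live relay: conntrack -L 2>/dev/null | python3 this_script.py
    import sys
    source = sys.stdin.read().splitlines() if not sys.stdin.isatty() else sample_conntrack_output()
    for ip, n in suspects(source):
        print(n, ip, "->", drop_rule(ip))
```

Counting by state as well (the `state` element the parser returns) is worth doing before blocking: the attack Alex describes leaves connections open, so an offender shows mostly ESTABLISHED entries, whereas a busy carrier NAT shows a mix with plenty of TIME_WAIT.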