Re: [tor-relays] Please check if your relay has fallen out of the consensus

ses vs other addresses. If you need more direct help, we can help you debug or answer other questions on #tor-relays on IRC. Thanks, -- Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi- bin/mailman/

Re: [tor-relays] DDOS mitigation with nftables

community/support/-/issues/40093 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___________ tor-relays mailing list tor-relays@

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

I believe it would be helpful to develop a standard template letter to address these abuse reports. This letter could clarify the ongoing attack, explain the potential for packet spoofing, and outline why responding to a single SYN packet with an abuse letter may not be the most effective use o

Re: [tor-relays] Please check if your relay has fallen out of the consensus

rule out other issues like firewall rules on your side, and then (if you're able) to start exploring traceroutes to the directory authority IP addresses vs other addresses. If you need more direct help, we can help you debug or answer other question

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

__ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

On 8/11/24 08:47, tor-relays+tor-rel...@queer.cat wrote: On 8/11/24 03:14, Red Oaive via tor-relays wrote: I just reset my SYN-ACK detection nft counter and it's still showing activity:    tcp sport 22 tcp flags == 0x12 counter packets 9 bytes 504 This rule will also count SYN-ACKs sent

Re: [tor-relays] Please check if your relay has fallen out of the consensus

- Have you tried checking what happens when you access the directory's port using a web browser or curl? curl -I http://217.196.147.77:80 Where do you get redirected? ___ tor-relays mailing list tor-relays@lists.tor

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

It’s possible that the attack was filtered upstream, and since you’re closer to the attacker, you might still be seeing those spoofed packets. Also, if you’re noticing spoofed packets coming from your own network, it could indicate a deeper issue. Have you checked if reverse path filtering is e

[tor-relays] Re: Inquiry about a possible DDoS case

Is your server running a DNS server that's open to the internet on port 53? On 6/11/24 09:25, Jose A via tor-relays wrote: Hello everyone. I have received a communication from my ISP regarding the IP where I have a Middle Relay and a Bridge, informing me that this IP is being used for a DDoS

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

On 8/11/24 03:14, Red Oaive via tor-relays wrote: I just reset my SYN-ACK detection nft counter and it's still showing activity:   tcp sport 22 tcp flags == 0x12 counter packets 9 bytes 504 This rule will also count SYN-ACKs sent from your own server to bots trying to connect to your SSH