If this is a synflood or any other ddos attack on his vps the tor server would not relay the attack and in and outgoing traffic would be vastly different.
Sent from my iPad > On 01 Aug 2016, at 15:12, teor <teor2...@gmail.com> wrote: > > >> On 1 Aug 2016, at 23:08, Markus Koch <niftybu...@googlemail.com> wrote: >> >> Looks like DOS/DDOS.Is it even possible to DDOS over tor? > > It's possible to (D)DOS any server using ping (or DNS, or any other UDP > responder). > All an attacker needs is the server's IP address, which is publicly available > in the Tor consensus. > Then they can attack the relay from the Internet. > > There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't > tunnel UDP, so it's unlikely to be the culprit. > > Tim > >> >> >> 2016-08-01 15:04 GMT+02:00 pa011 <pa...@web.de>: >>> yes about the same - sorry for the page brake dont get it solved in my >>> thunderbird >>> >>> h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) >>> tx (KiB) >>> 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 >>> 35.833.114 >>> 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 >>> 0 >>> 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 >>> 0 >>> 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 >>> 144.732 >>> 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 >>> 340.633 >>> 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 >>> 382.087 >>> 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 >>> 383.444 >>> 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 >>> 258.865 >>> >>> >>>> Am 01.08.2016 um 14:51 schrieb Markus Koch: >>>> In and outgoing traffic is the same size? >>>> >>>> >>>> >>>> 2016-08-01 14:44 GMT+02:00 pa011 <pa...@web.de>: >>>>> The ISP didn’t mention - I would have to ask. >>>>> >>>>> What I saw was that the traffic was up about linear from usually 30Mbits >>>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and >>>>> dropping. >>>>> >>>>> >>>>>> Am 01.08.2016 um 14:36 schrieb Markus Koch: >>>>>> How many packets per second? >>>>>> >>>>>> Markus >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa...@web.de>: >>>>>>> Hello, >>>>>>> >>>>>>> one of my middle relays got auto limited by the ISP because of >>>>>>> "outgooing UDP flooding ". >>>>>>> >>>>>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed - >>>>>>> so I highly doubt the give reason for the traffic limitation. >>>>>>> Also I cant find anything in the log files. >>>>>>> >>>>>>> Anybody having experience with such an issue? >>>>>>> What to check for please? >>>>>>> >>>>>>> Paul >>>>>>> >>>>>>> _______________________________________________ >>>>>>> tor-relays mailing list >>>>>>> tor-relays@lists.torproject.org >>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>>> _______________________________________________ >>>>>> tor-relays mailing list >>>>>> tor-relays@lists.torproject.org >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>> _______________________________________________ >>>>> tor-relays mailing list >>>>> tor-relays@lists.torproject.org >>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays@lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmmp: teor at torproject dot org > > > > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
