[tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?

Sebastian Niehaus Wed, 10 Aug 2016 00:47:08 -0700

Hi,

The provider of my non-exit "silentrocket" told me they temporarily
disconnected the server from their network because of a DoS attack
against the machine.


https://atlas.torproject.org/#details/7A32C9519D80CA458FC8B034A28F5F6815649A98

They sent me some details of what they think is a DoS attack (date and
time omitted ...):


###########################################
Attack type: DoS_IN
Attacked IP: 82.223.21.74
###########################################
Source Address  Source Port     Destination Address     Destination Port        
Frames


193.171.202.146 TCP:9001  82.223.21.74  TCP:61078       21440736
176.10.104.243  TCP:443   82.223.21.74  TCP:25817       11203344
185.29.8.132    TCP:443   82.223.21.74  TCP:56708       8160360
58.58.170.2     TCP:443   82.223.21.74  TCP:61980       7840824
144.76.14.145   TCP:143   82.223.21.74  TCP:19866       6240664
195.154.209.91  TCP:443   82.223.21.74  TCP:20229       4808568
192.42.113.102  TCP:9001  82.223.21.74  TCP:62658       4328568
83.146.80.152   TCP:39898 82.223.21.74  TCP:9001        3041584
87.98.162.251   TCP:443   82.223.21.74  TCP:60948       2240040
188.138.9.49    TCP:9001  82.223.21.74  TCP:13349       2240000
93.145.122.187  TCP:60469 82.223.21.74  TCP:9001        1920016
104.236.92.66   TCP:1337  82.223.21.74  TCP:48838       1760248
5.248.227.163   TCP:9001  82.223.21.74  TCP:28976       1760240
109.104.12.92   TCP:9001  82.223.21.74  TCP:15808       1601224
46.101.237.246  TCP:9001  82.223.21.74  TCP:18393       1600784
212.47.239.187  TCP:443   82.223.21.74  TCP:6669        1600000
212.117.180.130 TCP:443   82.223.21.74  TCP:37114       1440000
37.187.17.67    TCP:38547 82.223.21.74  TCP:9001        1281176
37.157.193.107  TCP:49192 82.223.21.74  TCP:9001        804896
193.11.164.243  TCP:9001  82.223.21.74  TCP:62265       800040


I am not sure whether it really looks like a DoS attack or if is just
many "normal" tor packets hammering on the small server which are
misunderstood as a DoS.


They are coming from a remote's maschines tor port and going to some
random port om my server suggesting the packets are simply a reply to
some connection my server opened.


The server ran fine for several months but now I get a disconnection
notice several times a day. Maybe there is really a DoS, maybe their
automatic DoS protection reacts too fast, maybe they are just fed up
with the traffic the relay causes and want to make things hard for me.

Do you have any (educated) guesses what might be going on here?


Thank you very much,


Sebastian

signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?

Reply via email to