On Thu, Sep 10, 2020 at 8:48 AM Dr Gerard Bulger <ger...@bulger.co.uk> wrote:
> I know we should dilute our dependence on OVH, but cheap and seem to
> ignore the fact the machine is an exit node.
>
> OVH has a seemingly patented system to deal with denial of service
> attacks. I am not sure what they detect but when they do we get this:
>
> *“We have just detected an attack on IP address x.x.x.x. In order to
> protect your infrastructure, we vacuumed up your traffic onto our
> mitigation infrastructure. The entire attack will thus be filtered by our
> infrastructure, and only legitimate traffic will reach your servers. At the
> end of the attack, your infrastructure will be immediately withdrawn from
> the mitigation”*

I have a server (not a relay) with OVH, and also started receiving these recently.

I raised a ticket with them to ask for more information about the detected attack (what port/proto etc) because there are legitimate uses that may look a bit like an attack (the boxes sit behind a CDN, so you can end up with a lot of requests/connections from not many IPs).

Worryingly, they couldn't actually tell me - all I managed to get back was "looks like it's a false positive".

It's triggered a few times since, with no sign of anything even remotely suspicious in my traffic graphs.

I know this doesn't really add much knowledge about what they're detecting, but the point is more that they don't seem to be overly clear themselves.

--
Ben Tasker
https://www.bentasker.co.uk
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays