-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 elrippo: > Am Dienstag, 3. September 2013, 15:35:04 schrieb adrelanos: >> New hypothesis: This is an attempt to shut down the Tor network >> once and forever. >> >> Might this be an attack on the Tor network with the goal to make >> it that slow for everyone, that no one will use it anymore? >> (DDOS) > > The Thing on my node's is simply the fact, that TOR Exit's keep > DDOS'ing my Router.
Meanwhile, my Tor *relay* is DOSing its own router. If anybody from the Raspberry Pi thread is reading (and I'll post it there later if not when I've observed it more), on 0.2.4.x, the Pi can handle most circuit storms without crashing (though it still does, quite rarely), but somehow it's causing my NAT router to partially/completely fail and I still haven't figured out exactly how. It starts happening *before* the ip_conntrack table is full, and it's considerably smaller than the point at which ip_conntrack entries can trigger the OOM killer, so I don't know yet what's causing it. The router has also handled plenty more simultaneous in/out bandwidth in the past. Regardless, the router starts dropping packets, and killing Tor stops it, and restarting Tor soon enough (so most connected clients are still in their retry period before giving up) starts it again immediately. In fact, I've just woken up - started my Tor node a few hours ago before going to sleep - and it appears to be starting to beat my router down now. Router load isn't high, it doesn't seem out of memory - when you can hit the status page - but ping times start to climb or time out, and the first canary to fall over is DNS resolution (the router "does" DNS via DNSmasq). Sigh... > This started with 140 Exit nodes in my daily blacklist. The Past > week it did grow to about 220 Exit nodes increasing constantly at > 10 more by day. The interesting thing is, that these are always > the same nodes, so on my behalf this tastes like a botnet. They're DDOSing *you*? How so? Best, - -Gordon M. -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJSJ175AAoJED/jpRoe7/ujswcIAMCvTRWuBkyktpQp6RgzB46i UVtPDf3VrMYNhprUYxmDx7LMXVwQtOwKtiK6poMBbiheJkj1ut/xRG0D/fvPg94q +TZfQQPCH4Imvy9c23vF7/uCDKoMx+tGYUKqbqThhZAuZGLMnmsUQQLS2ehq0YC8 iQiL+YYVAgTRfkiU2VvVDnP0TMjYspH9yn1VkkaNZanQFCZH1Br3tHjVxg/lSOje sA1ShlWs1kfBd9/GbItkH3g8ZBuKO7i/aAOlpiZRkEA0ZmBX5tuhhuey06bqcky0 zNbRCp87OEPsryDApjdhrybWrLo0dw302DC0S+SnUJ4j7gRz4cE/kvTDMnmE9Jo= =hhRF -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
