[tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Sebastian Niehaus
niehaus at web.de
Wed Aug 10 07:39:35 UTC 2016
Hi,
The provider of my non-exit "silentrocket" told me they temporarily
disconnected the server from their network because of a DoS attack
against the machine.
https://atlas.torproject.org/#details/7A32C9519D80CA458FC8B034A28F5F6815649A98
They sent me some details of what they think is a DoS attack (date and
time omitted ...):
###########################################
Attack type: DoS_IN
Attacked IP: 82.223.21.74
###########################################
Source Address   Source Port  Destination Address  Destination Port  Frames
193.171.202.146  TCP:9001     82.223.21.74         TCP:61078         21440736
176.10.104.243   TCP:443      82.223.21.74         TCP:25817         11203344
185.29.8.132     TCP:443      82.223.21.74         TCP:56708         8160360
58.58.170.2      TCP:443      82.223.21.74         TCP:61980         7840824
144.76.14.145    TCP:143      82.223.21.74         TCP:19866         6240664
195.154.209.91   TCP:443      82.223.21.74         TCP:20229         4808568
192.42.113.102   TCP:9001     82.223.21.74         TCP:62658         4328568
83.146.80.152    TCP:39898    82.223.21.74         TCP:9001          3041584
87.98.162.251    TCP:443      82.223.21.74         TCP:60948         2240040
188.138.9.49     TCP:9001     82.223.21.74         TCP:13349         2240000
93.145.122.187   TCP:60469    82.223.21.74         TCP:9001          1920016
104.236.92.66    TCP:1337     82.223.21.74         TCP:48838         1760248
5.248.227.163    TCP:9001     82.223.21.74         TCP:28976         1760240
109.104.12.92    TCP:9001     82.223.21.74         TCP:15808         1601224
46.101.237.246   TCP:9001     82.223.21.74         TCP:18393         1600784
212.47.239.187   TCP:443      82.223.21.74         TCP:6669          1600000
212.117.180.130  TCP:443      82.223.21.74         TCP:37114         1440000
37.187.17.67     TCP:38547    82.223.21.74         TCP:9001          1281176
37.157.193.107   TCP:49192    82.223.21.74         TCP:9001          804896
193.11.164.243   TCP:9001     82.223.21.74         TCP:62265         800040
I am not sure whether it really looks like a DoS attack or if it is just
many "normal" tor packets hammering on the small server which are
misunderstood as a DoS.
They are coming from a remote machine's tor port and going to some
random port on my server, suggesting the packets are simply a reply to
some connection my server opened.
The server ran fine for several months but now I get a disconnection
notice several times a day. Maybe there is really a DoS, maybe their
automatic DoS protection reacts too fast, maybe they are just fed up
with the traffic the relay causes and want to make things hard for me.
Do you have any (educated) guesses what might be going on here?
Thank you very much,
Sebastian
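
Added example, not part of the original message: a small Python script that parses rows in the provider's report format and splits the frame counts by who most likely opened each flow, using the port reasoning described in the message. The ORPort value 9001 and the names LOCAL_LISTEN_PORTS, parse, direction and summarize are assumptions of this example; the sample rows are copied from the report above.

```python
import re
from collections import Counter

# Assumption: the relay's ORPort is 9001 (inferred from the rows whose
# destination port is 9001) and the host exposes no other listener.
LOCAL_LISTEN_PORTS = {9001}

# Five rows copied from the provider report above.
REPORT = """\
Source Address Source Port Destination Address Destination Port Frames
193.171.202.146 TCP:9001 82.223.21.74 TCP:61078 21440736
176.10.104.243 TCP:443 82.223.21.74 TCP:25817 11203344
144.76.14.145 TCP:143 82.223.21.74 TCP:19866 6240664
83.146.80.152 TCP:39898 82.223.21.74 TCP:9001 3041584
37.187.17.67 TCP:38547 82.223.21.74 TCP:9001 1281176
"""

ROW = re.compile(r"^(\S+)\s+TCP:(\d+)\s+(\S+)\s+TCP:(\d+)\s+(\d+)$")

def parse(report):
    """Yield (src_ip, src_port, dst_ip, dst_port, frames) for each data row."""
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match and are skipped
            src, sport, dst, dport, frames = m.groups()
            yield src, int(sport), dst, int(dport), int(frames)

def direction(dst_port):
    """Infer who opened the flow from the local (destination) port."""
    # Frames arriving on a listening port: the remote side connected to us.
    # Frames arriving on any other local port: for an established flow, that
    # port was the source port of a connection this host opened (replies).
    # A per-flow frame counter alone cannot rule out unsolicited packets.
    return "inbound" if dst_port in LOCAL_LISTEN_PORTS else "reply_to_outbound"

def summarize(report):
    """Return frames per direction and the share of the largest single flow."""
    frames_by_dir = Counter()
    largest = 0
    for _, _, _, dport, frames in parse(report):
        frames_by_dir[direction(dport)] += frames
        largest = max(largest, frames)
    total = sum(frames_by_dir.values())
    return dict(frames_by_dir), (largest / total if total else 0.0)

if __name__ == "__main__":
    by_dir, top_share = summarize(REPORT)
    print(by_dir, f"largest flow = {top_share:.0%} of frames")
```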