[tor-relays] many connections

Sandro Auerbach sandro.auerbach88 at gmail.com
Fri Oct 7 11:37:15 UTC 2022


An effect can definitely be seen.

I now have an average of 30 relays and over 600 IPs in the block list.


On 07.10.22 at 09:18, Chris wrote:
>
> Compare.sh will tell you how many of the IPs in the block list are 
> relays. You've collected a lot more IPs in your block list. Open a 
> terminal and type:
>
> ipset -L tor-ddos and you'll see how many IPs are sitting in your 
> block list.
>
>
> On 10/6/2022 1:13 PM, Richie wrote:
>> Hoi, Chris,
>>
>> oh wow, that seems to help a lot. Uptime 1/2 hour now, load 50-60% 
>> and six IPs collected according to compare.sh. No signs of overload yet.
>>
>> Thanks a lot, and I'll report how things evolved. ATM, it looks like 
>> you can add the "n00b proof"-stamp to your concept :)
>>
>> Greets and thanks again,
>> Richie
>>
>> On 06.10.22 at 11:47, Chris wrote:
>>> Hi Richie
>>>
>>> I was a bit lost myself having to deal with the scripts and 
>>> additional packages to install. So I put something together for 
>>> myself based on the same rules and added a few twists but in a 
>>> simple text n00b proof format. It's as simple as copy and paste and 
>>> because it's all in clear text, you can modify it without worrying 
>>> about breaking any script. My rules are a tad more strict but you 
>>> can modify them as you wish. But the concept is what @toralf has 
>>> been implementing with a few twists for efficiency's sake.
>>>
>>> You can find them here:
>>>
>>> https://github.com/Enkidu-6/tor-ddos
>>>
>>>
>>> On 10/3/2022 6:26 AM, Richie wrote:
>>>> Hi, toralf,
>>>>
>>>> since I'm quite a n00b regarding iptables and shellscripts: are 
>>>> there somewhere n00b-proof setup instructions for the ddos 
>>>> protection scripts?
>>>> here: relay (schlafschaf) with the usual connection floods, running 
>>>> on Kubuntu (latest LTS)
>>>>
>>>> What I found out:
>>>> ipset is not installed per default, added via
>>>> sudo apt-get install iptables
>>>> Also installed as recommended: stem, jq
>>>>
>>>> Trivial, nevertheless: edited the ORPort address on Line 122
>>>> Commented out lines 79-103 (hetzner, zwiebeltoralf only)
>>>>
>>>> running the script results in output as with iptables -L, containing
>>>> tcp dpt:443 #conn src/32 > 30
>>>> @ the "chain input ACCEPT" line
>>>> and no entries in the chain PREROUTING, OUTPUT, PREROUTING and 
>>>> OUTPUT lines.
>>>>
>>>> Strange: sudo watch ipv4-rules.sh results in
>>>> 1: ipv4-rules.sh: not found
>>>>
>>>> My apologies if it's not the right place to ask.
>>>> greetz
>>>> Korrupt
>>>>
>>>> On 03.10.22 at 09:43, Toralf Förster wrote:
>>>>> On 9/30/22 17:57, Sandro Auerbach wrote:
>>>>>> 30 minutes later still 22000 connections...
>>>>>> Have you observed something similar?
>>>>>
>>>>> I reduced those spikes [1] by using certain iptables rules [2].
>>>>>
>>>>>
>>>>> [1] https://github.com/toralf/torutils/blob/main/sysstat.svg
>>>>> [2] https://github.com/toralf/torutils
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> tor-relays mailing list
>>>>> tor-relays at lists.torproject.org
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
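The check discussed in this thread (how many addresses in the tor-ddos block list belong to Tor relays) can be sketched as follows. This is an added example, not compare.sh from the Enkidu-6/tor-ddos repository; the relay list file format, the set type shown and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ipset -L tor-ddos` output (set type and timeouts assumed).
sample_ipset_dump() {
cat <<'EOF'
Name: tor-ddos
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Number of entries: 4
Members:
192.0.2.10 timeout 3412
198.51.100.7 timeout 120
203.0.113.55 timeout 2999
192.0.2.200 timeout 15
EOF
}

# Constructed relay list; one IPv4 address per line is an assumed format.
sample_relay_list() {
cat <<'EOF'
# known relay addresses
198.51.100.7
203.0.113.99
192.0.2.200
EOF
}

# Print the member addresses from an ipset listing read on stdin.
blocklist_ips() {
    awk '/^Members:/ { m = 1; next } m && NF { print $1 }'
}

# Print blocked addresses (listing on stdin) that appear in relay list $1.
blocked_relays() {
    blocklist_ips | awk -v list="$1" '
        BEGIN { while ((getline ip < list) > 0) if (ip ~ /^[0-9]/) relay[ip] = 1 }
        ($1 in relay)'
}

# Summarise: $1 = saved ipset listing, $2 = relay list file.
report() {
    total=$(blocklist_ips < "$1" | wc -l)
    hits=$(blocked_relays "$2" < "$1" | wc -l)
    echo "$((hits)) of $((total)) blocked addresses are known relays"
}

# Demo on the constructed samples. Live use: ipset -L tor-ddos | blocked_relays relays.txt
d=$(mktemp -d); sample_ipset_dump > "$d/dump"; sample_relay_list > "$d/relays"
report "$d/dump" "$d/relays"; rm -rf "$d"
```

A rising share of relay addresses in the block list is a signal to loosen the connection limit, since blocked relays cannot build circuits through the protected relay.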