another seeming attack on my server's DirPort
Scott Bennett
bennett at cs.niu.edu
Wed Dec 19 08:46:04 UTC 2007
A little while ago, I added another filter rule to the router here to
stop an apparently endless, rapid-fire series of directory requests hitting
my tor server's DirPort from 125.35.9.66, which appears to be in China. The
last time I reported this type of thing, you may recall, it came from a site
in Italy. The symptom, like the last time, was that output rate on my
machine's main Ethernet interface was running steadily around the transmit
rate limit imposed by my ADSL line. dig(1) shows:
; <<>> DiG 9.3.4-P1 <<>> -x 125.35.9.66 any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63929
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;66.9.35.125.in-addr.arpa. IN ANY
;; AUTHORITY SECTION:
9.35.125.in-addr.arpa. 10800 IN SOA ns.bta.net.cn. root.ns.bta.net.cn. 2006020501 28899 7200 604800 86400
;; Query time: 351 msec
;; SERVER: 66.225.32.4#53(66.225.32.4)
;; WHEN: Wed Dec 19 02:40:29 2007
;; MSG SIZE rcvd: 96
Is anyone else having this kind of trouble, regardless of the apparent
origin(s) of the attack(s)? I don't mind legitimate requests for directory
service tying up all or nearly all of my available output bandwidth, but I
do object to morons conducting a DoS attack to keep others from getting
directory service from my tor servers directory mirror. If others are also
finding their tor servers being hit like this, then perhaps we need to think
up an automated way to deny directory service to abusers in order to put a
stop to such activity.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-talk
mailing list