Re: [tor-relays] Are zealous connections to directory port common?
One of mine is being DDOSed today. Zenaan Harkness wrote: > >>> I think it is unusual. >>> >>> Are you just checking the tor log to see this? >> >> OK, so I am being DOSed then. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Are zealous connections to directory port common?
What are the IPs connecting to you? I've been watching my firewall logs here recently and see several hosts from several distinct subnets consistently trying to connect to TOR related ports. On Fri, Mar 14, 2014 at 5:50 AM, I wrote: > One of mine is being DDOSed today. > Zenaan Harkness wrote: > > > >>> I think it is unusual. > >>> > >>> Are you just checking the tor log to see this? > >> > >> OK, so I am being DOSed then. > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Are zealous connections to directory port common?
Not sure I should disclose them in a public forum, but somewhat obfuscated they are: 5.0.137.xx - Syria - 455 connections 66.150.6.xx - Groundspeak, Inc - 108 connections 72.78.110.xx - Verizon - 202 connections 68.101.234.xx - Cox Communications - 51 connections etc. It seems there were attempts before I even published the directory port (it is default anyway), but I was not identifying the actual connections before, only the count. Why would any IP address need more than one (or several simultaneous) connection is beyond me. On 03/14/2014 09:48 AM, Greg W wrote: What are the IPs connecting to you? I've been watching my firewall logs here recently and see several hosts from several distinct subnets consistently trying to connect to TOR related ports. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Are zealous connections to directory port common?
Those don't match up with any of the weird connections I've been seeing. *shrugs* On Fri, Mar 14, 2014 at 11:23 AM, Tora Tora Tora wrote: > Not sure I should disclose them in a public forum, but somewhat obfuscated > they are: > > 5.0.137.xx - Syria - 455 connections > 66.150.6.xx - Groundspeak, Inc - 108 connections > 72.78.110.xx - Verizon - 202 connections > 68.101.234.xx - Cox Communications - 51 connections > etc. > > > It seems there were attempts before I even published the directory port > (it is default anyway), but I was not identifying the actual connections > before, only the count. Why would any IP address need more than one (or > several simultaneous) connection is beyond me. > > > > > On 03/14/2014 09:48 AM, Greg W wrote: > >> What are the IPs connecting to you? I've been watching my firewall logs >> here recently and see several hosts from several distinct subnets >> consistently trying to connect to TOR related ports. >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Are zealous connections to directory port common?
On Fri, Mar 14, 2014 at 12:23:50PM -0400, Tora Tora Tora wrote: > Why would any IP address need > more than one (or several simultaneous) connection is beyond me. See https://trac.torproject.org/projects/tor/ticket/9969 for one case. I wonder if these are clients running Tor versions from back before we did directory fetches tunnelled over the ORPort -- clients from that long ago would launch quite a few requests to the DirPort of various relays, and since we disabled the v2 directory status documents, maybe there's a bug where they keep asking if they don't have anything they like. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Are zealous connections to directory port common?
On 03/14/2014 02:45 PM, Roger Dingledine wrote: ... See https://trac.torproject.org/projects/tor/ticket/9969 for one case. I wonder if these are clients running Tor versions from back before we did directory fetches tunnelled over the ORPort -- clients from that long ago would launch quite a few requests to the DirPort of various relays, and since we disabled the v2 directory status documents, maybe there's a bug where they keep asking if they don't have anything they like. Interesting. I hope it was just a bug. Still 400+ connections a minute on a single Guard relay is a bit annoying. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays