Re: [tor-relays] Got a visit from the police this morning..

2016-08-01 Thread Marco A. Calamari
On Sun, 2016-07-31 at 14:54 +0100, Jonathan Baker-Bates wrote: > I think this issue has been discussed here before.  > > The general opinion on the list is that it's not a good idea to > run an exit at home. It's probably not worth the hassle. For the peace of the mind and of the home sure. OTOH

[tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread pa011
Hello, one of my middle relays got auto limited by the ISP because of "outgooing UDP flooding ". The VPS is pure debian8, fail2ban, pub key and nothing else installed - so I highly doubt the given reason for the traffic limitation. Also I can't find anything in the log files. Anybody having experi

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Markus Koch
How many packets per second? Markus 2016-08-01 14:28 GMT+02:00 pa011 : > Hello, > > one of my middle relays got auto limited by the ISP because of > "outgooing UDP flooding ". > > The VPS is pure debian8, fail2ban, pub key and nothing else installed - > so I highly doubt the given reason for the

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread pa011
The ISP didn’t mention - I would have to ask. What I saw was that the traffic was up about linear from usually 30Mbits to above 100 Mbits over about 6 hours, bringing the CPU to 100% and dropping. On 01.08.2016 at 14:36, Markus Koch wrote: > How many packets per second? > > Markus > > > > 2

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Tristan
How can a Tor relay flood UDP? I thought everything was TCP? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Got a visit from the police this morning..

2016-08-01 Thread simon
On 01.08.2016 08:15, stig atle steffensen wrote: > I decided today to turn the node into a non-exit node this morning. > The stress of not knowing if something will happen again is too much for > me to go around thinking about. What hoster did you use? You mentioned the server being located in swed

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread teor
> On 1 Aug 2016, at 22:47, Tristan wrote: > > How can a Tor relay flood UDP? I thought everything was TCP? Exits can flood an under-resourced DNS server quite easily. That's why we recommend a local DNS resolver / cache. But this particular relay is not an exit. Perhaps it was a (D)DoS attack

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Markus Koch
In and outgoing traffic is the same size? 2016-08-01 14:44 GMT+02:00 pa011 : > The ISP didn’t mention - I would have to ask. > > What I saw was that the traffic was up about linear from usually 30Mbits > to above 100 Mbits over about 6 hours, bringing the CPU to 100% and > dropping. > > > Am 01.

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread pa011
yes about the same - sorry for the page break, don't get it solved in my thunderbird

 h   rx (KiB)     tx (KiB)     h   rx (KiB)     tx (KiB)     h   rx (KiB)     tx (KiB)
23   6.559.929    6.748.215   07   4.697.285    4.845.893   15  35.106.193   35.833.114
00   5.129.384    5.289.456   08  12.317.567   12.605.726

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Markus Koch
Looks like DOS/DDOS. Is it even possible to DDOS over tor? 2016-08-01 15:04 GMT+02:00 pa011 : > yes about the same - sorry for the page break, don't get it solved in my > thunderbird > > h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) > tx (KiB) > 23 6.559.929 6.748.215 07

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread teor
> On 1 Aug 2016, at 23:08, Markus Koch wrote: > > Looks like DOS/DDOS. Is it even possible to DDOS over tor? It's possible to (D)DOS any server using ping (or DNS, or any other UDP responder). All an attacker needs is the server's IP address, which is publicly available in the Tor consensus. T

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Markus Koch
If this is a synflood or any other ddos attack on his vps the tor server would not relay the attack and in and outgoing traffic would be vastly different. Sent from my iPad > On 01 Aug 2016, at 15:12, teor wrote: > > >> On 1 Aug 2016, at 23:08, Markus Koch wrote: >> >> Looks like DOS/DDOS.

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread pa011
I am off for a couple of hours - if I can give some more information or ask my ISP for something later on please let me know? What should I do to stop this in the future and get the restrictions off from my ISP? Thanks Paul On 01.08.2016 at 15:17, Markus Koch wrote: > If this is a synflood or a

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread pa011
strange is the difference in traffic behavior after that:

 h   rx (KiB)     tx (KiB)     h   rx (KiB)   tx (KiB)    h   rx (KiB)   tx (KiB)
11  25.700.571   26.306.505   19    275.999    340.633   03    251.998    384.160
12  32.840.796   33.571.996   20    271.278    382.087   04    255.947    383.794
13  32

Re: [tor-relays] outgooing UDP flooding on middle relay

2016-08-01 Thread Roman Mamedov
On Mon, 1 Aug 2016 14:28:04 +0200 pa011 wrote: > Hello, > > one of my middle relays got auto limited by the ISP because of > "outgooing UDP flooding ". > > The VPS is pure debian8, fail2ban, pub key and nothing else installed - > so I highly doubt the given reason for the traffic limitation. > A

Re: [tor-relays] tor-relays Digest, Vol 67, Issue 2

2016-08-01 Thread Flipchan
What ISP do you have in Sweden? I have had similar ISP problems where I have got a letter in the mail (a real irl letter in paper^^). tor-relays-requ...@lists.torproject.org wrote: (1 August 2016 14:00:12 CEST) >Send tor-relays mailing list submissions to > tor-relays@lists.torproject.org >

[tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

2016-08-01 Thread Tristan
I looked at my exit relay's syslog for no specific reason, and saw that it was flooded with the following message: kernel: [1736405.162223] TCP: too many orphaned sockets These messages occur multiple times per second, but they only flood the log every couple of hours. What is this, and what does

Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

2016-08-01 Thread Green Dream
It's related to /proc/sys/net/ipv4/tcp_max_orphans "Maximal number of TCP sockets not attached to any user file handle, held by system. If this number is exceeded orphaned connections are reset immediately and warning is printed." So, I'd start by checking the value of tcp_max_orphans (with "cat

Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

2016-08-01 Thread Tristan
My default setting was 2048. I changed it to 200,000 for now. I haven't really played with sysctl at all. The only change I've ever made in there was for swappiness. On Mon, Aug 1, 2016 at 8:04 PM, Green Dream wrote: > It's related to /proc/sys/net/ipv4/tcp_max_orphans > > "Maximal number of TCP