I am off for a couple of hours - if I can give some more information or ask my ISP for something later on please let me know?
What should I do to stop this in the future and get the restrictions off from my ISP? Thanks Paul Am 01.08.2016 um 15:17 schrieb Markus Koch: > If this is a synflood or any other ddos attack on his vps the tor server > would not relay the attack and in and outgoing traffic would be vastly > different. > > Sent from my iPad > >> On 01 Aug 2016, at 15:12, teor <teor2...@gmail.com> wrote: >> >> >>> On 1 Aug 2016, at 23:08, Markus Koch <niftybu...@googlemail.com> wrote: >>> >>> Looks like DOS/DDOS.Is it even possible to DDOS over tor? >> >> It's possible to (D)DOS any server using ping (or DNS, or any other UDP >> responder). >> All an attacker needs is the server's IP address, which is publicly >> available in the Tor consensus. >> Then they can attack the relay from the Internet. >> >> There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't >> tunnel UDP, so it's unlikely to be the culprit. >> >> Tim >> >>> >>> >>> 2016-08-01 15:04 GMT+02:00 pa011 <pa...@web.de>: >>>> yes about the same - sorry for the page brake dont get it solved in my >>>> thunderbird >>>> >>>> h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) >>>> tx (KiB) >>>> 23 6.559.929 6.748.215 07 4.697.285 4.845.893 15 35.106.193 >>>> 35.833.114 >>>> 00 5.129.384 5.289.456 08 12.317.567 12.605.726 16 0 >>>> 0 >>>> 01 3.709.181 3.843.988 09 14.913.172 15.278.079 17 0 >>>> 0 >>>> 02 4.405.017 4.574.745 10 22.218.874 22.738.508 18 102.138 >>>> 144.732 >>>> 03 4.670.091 4.817.785 11 25.700.571 26.306.505 19 275.999 >>>> 340.633 >>>> 04 4.711.807 4.853.921 12 32.840.796 33.571.996 20 271.278 >>>> 382.087 >>>> 05 4.269.354 4.408.417 13 32.910.527 33.637.092 21 263.147 >>>> 383.444 >>>> 06 5.279.142 5.443.890 14 40.052.678 40.824.138 22 176.040 >>>> 258.865 >>>> >>>> >>>>> Am 01.08.2016 um 14:51 schrieb Markus Koch: >>>>> In and outgoing traffic is the same size? >>>>> >>>>> >>>>> >>>>> 2016-08-01 14:44 GMT+02:00 pa011 <pa...@web.de>: >>>>>> The ISP didn’t mention - I would have to ask. >>>>>> >>>>>> What I saw was that the traffic was up about linear from usually 30Mbits >>>>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and >>>>>> dropping. >>>>>> >>>>>> >>>>>>> Am 01.08.2016 um 14:36 schrieb Markus Koch: >>>>>>> How many packets per second? >>>>>>> >>>>>>> Markus >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa...@web.de>: >>>>>>>> Hello, >>>>>>>> >>>>>>>> one of my middle relays got auto limited by the ISP because of >>>>>>>> "outgooing UDP flooding ". >>>>>>>> >>>>>>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed - >>>>>>>> so I highly doubt the give reason for the traffic limitation. >>>>>>>> Also I cant find anything in the log files. >>>>>>>> >>>>>>>> Anybody having experience with such an issue? >>>>>>>> What to check for please? >>>>>>>> >>>>>>>> Paul >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> tor-relays mailing list >>>>>>>> tor-relays@lists.torproject.org >>>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>>>> _______________________________________________ >>>>>>> tor-relays mailing list >>>>>>> tor-relays@lists.torproject.org >>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>>> _______________________________________________ >>>>>> tor-relays mailing list >>>>>> tor-relays@lists.torproject.org >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>>> _______________________________________________ >>>>> tor-relays mailing list >>>>> tor-relays@lists.torproject.org >>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays@lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> Tim Wilson-Brown (teor) >> >> teor2345 at gmail dot com >> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B >> ricochet:ekmygaiu4rzgsk6n >> xmmp: teor at torproject dot org >> >> >> >> >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
