tor-relays August 2014

tor-relays@lists.torproject.org

72 participants
45 discussions

Re: [tor-relays] Exit Nodes under DDOS attacks
by tor＠t-3.net 04 Aug '14

04 Aug '14

We never had our exit nodes become the targets of DDOS attacks HOWEVER, we occasionally see abuse complaints due to someone abusing Tor to DDOS attack other targets. Perhaps that's what you're seeing?

3 2

Running an AWS bridge on eu-west-1?
by tor-question＠puti.de 04 Aug '14

04 Aug '14

2 2

Learn Linux free for beginners
by I 02 Aug '14

02 Aug '14

A free online course from The Linux Foundation for beginners begins today. https://www.edx.org/

3 2

'relay early' attack detection at the infrastructure level
by Nusenu 02 Aug '14

02 Aug '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 [moved to tor-relays] Hi relay ops, please consider having a regular look at your logs after upgrading to the latest tor releases to spot relay_early attacks (even if the attack origin is not directly attributable from a relays point of view). searching your logs for 'Received an inbound RELAY_EARLY cell' should do it. https://gitweb.torproject.org/tor.git/commitdiff/68a2e4ca4baa595cc4595a511d… >>> It doesn't have to decrypt the stream to see it, because >>> whether a cell is relay or relay_early is a property of the >>> (per hop) link, not a property of the (end-to-end) stream. >> >> Does a patched relay also create a log entry as soon as it >> "kills" the circuit or is logging only happening on tor instances >> acting as clients? > > The patched relay also does a log message, yes. > > But the relay can only see its immediate neighbor in the circuit, > so it will only log that. Whether the attacking relay is that > (adjacent) one, or one farther on the circuit, isn't something your > relay can learn. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT3Bt6AAoJEDcK3SCCSvoensYQAJnuXhPNbhdJF7C6P9L8elG7 elPinCK6vmTbRXCoQam5j1VeL9C3FCBv415s811hfZxA37K17VdiKoS1NXB2kzkW 7WvL5/lH8culr83GTxrca0m7i2x6n0gCPOVPUWI3Go5bzwlsEidZsj7V14h2lfXH Ew8ZavvL0SLnRYJTvcjzqrWf3L8LsfYou6R2Y7yn085rGaGtUyVkQM44G9Zy3TVY 3lS4XqkZekXmmKjP06JjWdFMFdkaQhItbcdn3fF131ptlZlM5hFUaEpZHbpLLcjz fgJOt36jlkfILKRvxGyzcI118wmgrFVJFz9d7fuLVOdekK49aWxKh9Yh2aAekQEn Z3uF/eskL+Txptrc7iEKuWQZVlEkA8WVaQ70F1ADD/irln6ShJ17zrKqJ0qtaYlU V+CNfj/v2R6AgRhbVsNRdq8SWhDz4Nk4WgdYoUvxzgM1jmkAhQamlkC4f6JCqVQE /O0qeuXr/Z02pBwshcZlqKnBmPtuilSZwmlstIEfPAX9Tg6S1a0B/ycp3ByyJHJP QUNKwJ/cHtLpdPmIh2XUOT/5Kf10qmrLP5amYdRtBh304GoeHir3N/zfPmxdLfy7 Spb8W4p2C1HITzRlb9J97OGdKOR/2OOziZHOWZimF5O3fsrzsXQZe3Wlwbt5AxtY LJ5aXCUjNJ/TXe93nSQH =3FwX -----END PGP SIGNATURE-----

4 5

More attack traffic against Tor detected on exit relay
by tor＠t-3.net 01 Aug '14

01 Aug '14

IPTables rule involved: -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j LOG --log-prefix "IPTables-GFC-new " -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j DROP Logs generated Wednesday from hits against these rules: Jul 30 13:44:38 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=1.50.250.198 DST=64.113.44.206 LEN=147 TOS=0x08 PREC=0x20 TTL=44 ID=21838 DF PROTO=TCP SPT=13717 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0 Jul 30 13:44:59 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=175.152.3.46 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=50 ID=21839 DF PROTO=TCP SPT=49229 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0 Jul 30 13:45:41 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=124.90.49.99 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=49 ID=21840 DF PROTO=TCP SPT=10200 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays August 2014