On Wed, 18 Sep 2019 12:11, Philipp Winter wrote:
On Mon, Sep 16, 2019 at 12:25:03PM -0700, Porcelain Mouse wrote:
- Can we be pretty sure the bulk of this sudden increase in users is
abuse traffic? If not, is this a problem?
Are most of your new clients from Iran? We believe that some popular third-party software started using our bridges, causing these spikes.
Funny story...my ISP forced an IP change on me yesterday. Now I'm not getting any traffic at all. From a recent thread on this list, I understand that it could take a while to get back to normal. But, in any case, I cannot check, now. I'll keep that in mind, though, if I get blasted again.
2) What should I do about it, if anything?
There's not much to do at this point. If this is becoming a burden for your bridge, you could change its port(s), which may get rid of these third-party users -- at least temporarily.
Okay, thanks for that suggestion. I will keep that in my bag of tricks for the future. I didn't know that could slow down attacks.
- Would using obfuscation help this problem?
I'm not sure what protocols this third-party software uses. Since you're asking, I assume your bridge only runs vanilla Tor?
I run an RPM-based distro and would prefer to stick with packages I can get easily. But, I could build tor for myself, if it came to that. I was specifically thinking of obfs4 when I asked this question, but I only looked into it, briefly, and don't know exactly how it works. It seems like it answers connections for tor, a la inetd and tcp wrappers, and you can just add it to your torrc. Is that not right? Anyway, I guess it doesn't matter, the issue has passed. I just saw your call for obfs4 and couldn't figure out what it does that is useful to the project. I want my node to be useful.
P.S. Sorry about misspelling your name.