Hi
Just short: I noticed the high rate of ssh abuse mails. So I started to test rejecting (via tor config) the ssh port. Traffic and load now look a lot better. So it seems to be a brute force attack which slows down the exit due to too many too small packets.
Tim
PS: @teor: did you forget the cc's?
On 20 August 2019 08:05:36 CEST, teor teor@riseup.net wrote:
Hi,
On 15. Aug 2019, at 16:43, Tim Niemeyer tim@tn-x.org wrote:
Hello
I've noticed a reduction in tor traffic of about 50% since Sunday. The cpu load stayed almost the same. The amount of TCP Sessions increased from ~34k to ~65k. Also the abuse rate about network scans has increased since Sunday.
Does anyone know what's going on there?
My guess is that since Sunday someone uses Tor for extended network scans, which results in a very high packet rate.
Personally I've no problem with some network scans, but this is a bit annoying and I asked myself if this is still a scan or more a DOS.
https://metrics.torproject.org/rs.html#search/family:719FD0FA327F3CCBCDA0D4E...
On Aug 19, 2019, at 21:45, niftybunny abuse-contact@to-surf-and-protect.net wrote:
Same here +1
On 20 Aug 2019, at 14:35, Larry Brandt lbrandt@cni.net wrote:
This may be similar to my situation with my Finland exit relay [1].
I was finally forced to deal with kern overload that shut my cpu down. I had several thousand IPs without hashed fingerprints opting to get into Tor. A combination of hardening, banning and increasing kern processing to 100,000 helped. Since then I have a Consensus Weight of 600 rather than the 8000 before the intrusion. Strange thing: ufw banning and reboot does not seem to stop a few of the Iranian IP addresses--they're still there.
We think this is a result of Iranian censorship; I think the anti-censorship team are working on the issue. I've cc'd Philipp for more info.
On 20 Aug 2019, at 12:56, John Ricketts john@quintex.com wrote:
reduction++;
This could be a result of load balancing changes due to Rob's bandwidth experiment.
CPU overloads could also be a result of load balancing changes. The tests only used a few large bandwidth circuits, but the CPU usage of lots of small circuits is much higher.
I've cc'd Rob to get his opinion.
T