Hi guys
The provider for one of my VPSs, running my tor node tor.baldric.net has shut it down (unilaterally and without telling me) a couple of times this month, most recently today. Their response to my query as to why is that they say they are seeing a large DDOS attack on the VPS server hosting my node, apparently aimed at my address.
I shut tor down while I investigated and when running nethogs I noticed a shed load of attempted connections to my tor port (443) from non-tor addresses. A snapshot is at http://rlogin.net/tor/incoming.png
Anyone else seeing anything similar? I can't believe I'm the only node being poked.
Cheers
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On Sat, 29 Dec 2012 22:07:59 +0000 mick mbm@rlogin.net allegedly wrote:
I shut tor down while I investigated and when running nethogs I noticed a shed load of attempted connections to my tor port (443) from non-tor addresses. A snapshot is at http://rlogin.net/tor/incoming.png
Anyone else seeing anything similar? I can't believe I'm the only node being poked.
On further investigation, I think many of those addresses are likely to be tor related, possibly clients attempting to join tor through my node.
How long does it take from the time a node is shut down to the point where no-one will attempt to connect through it?
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On Sat, Dec 29, 2012 at 11:44:29PM +0000, mick wrote:
On Sat, 29 Dec 2012 22:07:59 +0000 mick mbm@rlogin.net allegedly wrote:
I shut tor down while I investigated and when running nethogs I noticed a shed load of attempted connections to my tor port (443) from non-tor addresses. A snapshot is at http://rlogin.net/tor/incoming.png
Anyone else seeing anything similar? I can't believe I'm the only node being poked.
On further investigation, I think many of those addresses are likely to be tor related, possibly clients attempting to join tor through my node.
How long does it take from the time a node is shut down to the point where no-one will attempt to connect through it?
Mick
Hi Mick,
Technically clients will attempt to use your node until the majority of the directory authorities agree your node is no longer reachable (should not take more than a little over 1 hour, assuming I understand the code correctly) plus 3 hours (a client considers a consensus valid for at most 3 hours), so roughly 4 hours. However, because some clients have incorrectly set clocks, connections will most likely trickle in past this point. I think after 5 hours no valid clients should still try to connect.
HTH, Matt
On Sat, 29 Dec 2012 21:44:35 -0500 Matthew Finkel matthew.finkel@gmail.com allegedly wrote:
How long does it take from the time a node is shut down to the point where no-one will attempt to connect through it?
Mick
Hi Mick,
Technically clients will attempt to use your node until the majority of the directory authorities agree your node is no longer reachable (should not take more than a little over 1 hour, assuming I understand the code correctly) plus 3 hours (a client considers a consensus valid for at most 3 hours), so roughly 4 hours. However, because some clients have incorrectly set clocks, connections will most likely trickle in past this point. I think after 5 hours no valid clients should still try to connect.
Matt
That does indeed help. Thank you.
I guess that what I was seeing was mostly tor client attempts. As for my VPS provider, they still haven't answered my questions as to why they shut down my machine without telling me. I suspect the DDOS excuse was just that, an excuse. I'm probably one of the few users who actually get anywhere near the full bandwidth allocation I pay for. Given that the VPS is cheap (and probably on a box which is oversold) it's entirely possible my usage is stretching the resource, and they don't like that.
Ho Hum. Time to look for another provider.
Cheers
Mick ---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On Sun, 30 Dec 2012 12:33:45 +0000 mick mbm@rlogin.net allegedly wrote:
Ho Hum. Time to look for another provider.
And in looking at alternatives I found this http://stormvz.com/terms.html on one site. The fourth "prohibited usage" item, lumps Tor in with Phishing Sites and Proxy Scanners.
I've told them I'm disappointed, but getting UK based VPSs with useful amounts of bandwidth for tor is getting harder.
My good wishes to all for 2013.
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
Am 31.12.2012 15:37, schrieb mick:
On Sun, 30 Dec 2012 12:33:45 +0000 mick mbm@rlogin.net allegedly wrote: on one site. The fourth "prohibited usage" item, lumps Tor in with Phishing Sites and Proxy Scanners.
Greed is an enemy of freedom. At one side greedy people who abuse the tor network for spamming, phishing, botnets etc. and at the other side greedy people who want to sell more bandwith than they actually have and therefore forbid their paying customers to actually use what they pay for.
Regards Peter
On Mon, 31 Dec 2012 14:37:52 +0000 mick mbm@rlogin.net wrote:
on one site. The fourth "prohibited usage" item, lumps Tor in with Phishing Sites and Proxy Scanners.
There are two reasons why VPS providers disallow Tor:
1) They don't *really* want to provide the amount of bandwidth they advertise (i.e. their network is highly oversold), and Tor is known as a very high bandwidth consumption application.
2) No VPS provider will let you run an exit node; and some just disallow Tor wholesale in fear that a user might run one due to misinterpreting finer details about Tor in the AUP, and/or accidentally.
I've told them I'm disappointed, but getting UK based VPSs with useful amounts of bandwidth for tor is getting harder.
I don't think you should care all that much that your Tor middle node needs to be in any specific country. My current recommendations would be:
1) DigitalOcean in NY and Amsterdam, unmetered 1 Gbit VPS for $5/mo (actually Tor can't use it all due to maxing out the CPU at ~25+25 mbit), did about 15TB a month with no issues -- http://www.digitalocean.com/
2) PrismaVPS in the US, 4TB/mo at 1 Gbit for $5.
Also keep an eye for unmetered or high-bandwidth VPS offers and reviews on http://www.lowendbox.com/ and it's discussion forum http://www.lowendtalk.com/
On Mon, 31 Dec 2012 21:00:13 +0600 Roman Mamedov rm@romanrm.ru wrote:
There are two reasons why VPS providers disallow Tor:
Well and of course the third reason would be just general ignorance & FUD about Tor.
- PrismaVPS in the US, 4TB/mo at 1 Gbit for $5.
Forgot to put a link - http://www.prismavps.com/
Also keep an eye for unmetered or high-bandwidth VPS offers and reviews on http://www.lowendbox.com/ and it's discussion forum http://www.lowendtalk.com/
One more place would be the offers section of WHT: http://www.webhostingtalk.com/forumdisplay.php?f=104
Before buying, be sure to check community reviews and think twice before getting into a longer-term paid deals (e.g. annual) with any provider.
This might be a bit of a shameless plug, but I used to use bitfolk ( bitfolk.com) - they have a generous allowance of bandwidth and allow tor as long as you set it up correctly.
On Mon, 31 Dec 2012 15:03:46 +0000 Daniel Case danielcase10@gmail.com allegedly wrote:
This might be a bit of a shameless plug, but I used to use bitfolk ( bitfolk.com) - they have a generous allowance of bandwidth and allow tor as long as you set it up correctly.
Daniel
I looked at bitfolk a while ago. They don't offer nearly enough transfer for a tor node or for my tails mirror (I want at least 1TB per month for each of them).
For my own domestic usage (email/web server) I need a good solid stable provider and have been with bytemark for several years (most latterly on bigv.io). They are rock solid (and I have run a tor node with them in the past) but they don't offer the bandwidth I need at the price I am prepared to pay either. (Two reasonably high bandwidth VPS at bytemark prices would come to around 100 UKP per month (say 160 USD per month).
Call me cheap, but I do this for free.
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On Mon, Dec 31, 2012 at 03:03:46PM +0000, Daniel Case wrote:
This might be a bit of a shameless plug, but I used to use bitfolk ( bitfolk.com) - they have a generous allowance of bandwidth and allow tor as long as you set it up correctly.
I know from personal experience that Andy from bitfolk is a stand-up guy. If you have any concerns or questions he'll give you a straight answer and a fair deal.
-troy
tor-relays@lists.torproject.org
-
Daniel Case -
Matthew Finkel -
mick -
Peter Guhl -
Roman Mamedov -
Troy Arnold