Hi folks,
I have a dedicated Server running with the red H in Germany. https://metrics.torproject.org/rs.html#details/1CD48F4ED0F1821FFBF1940802A13...
Today I received a notification that my server is "under attack" since my server got over the threshold of 300k packets/s. At the time of the mail it seems to be about 450k pps .
I checked a couple of IPs and most of them are other TOR-Relays or Exits.
Would you recommend telling my Hoster that everything is all fine?
Cheers
I get around 6-8k PPS on my node pushing around 65-70MBit/s - 450k seems (very) excessive even though your node has 6 times the capacity and load of my node.
I constantly see other relay operators complaining about D(D)oS attacks on this mailing list, so this could be a legitimate attack.
Could you use iptraf to check for a single offender sending lots of packets?
iptraf wouldn't really help if the attack is distributed across thousands of different source addresses but if there's only a few, obvious offenders ask the Hetzner support team to block these addresses before being routed to your server, they have a system similar to OVH's VAC so maybe that is already taking care of it.
However, traffic reaching your server shouldn't be filtered all the time as there is a (sometimes not so) small amount of false-positives which also get blocked.
I had this issue while I still hosted a node at OVH, during an attack legitimate clients / nodes would get blocked as well, and node traffic dropped from it's usual 14MB/s to below 9MB/s.
Quote from their page:
"Our automated system recognizes almost all attack patterns in advance, allowing it to block the attacks and effectively thwart the vast majority of them."
It is enabled by default for every customer it seems.
A bit off-topic, but consider changing your host to a very unpopular one - Hetzner hosts almost 10% of all Tor nodes.
Network variety is very important.
William
2021-01-22 17:04 GMT, lists.torproject.org@stein-io.de lists.torproject.org@stein-io.de:
Hi folks,
I have a dedicated Server running with the red H in Germany. https://metrics.torproject.org/rs.html#details/1CD48F4ED0F1821FFBF1940802A13...
Today I received a notification that my server is "under attack" since my server got over the threshold of 300k packets/s. At the time of the mail it seems to be about 450k pps .
I checked a couple of IPs and most of them are other TOR-Relays or Exits.
Would you recommend telling my Hoster that everything is all fine?
Cheers
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have the same problem and my VPS suffers from mysterious random reboots. I'm investigating it now but still have no idea what's going on.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, January 22, 2021 8:04 PM, lists.torproject.org@stein-io.de wrote:
Hi folks,
I have a dedicated Server running with the red H in Germany. https://metrics.torproject.org/rs.html#details/1CD48F4ED0F1821FFBF1940802A13...
Today I received a notification that my server is "under attack" since my server got over the threshold of 300k packets/s. At the time of the mail it seems to be about 450k pps .
I checked a couple of IPs and most of them are other TOR-Relays or Exits.
Would you recommend telling my Hoster that everything is all fine?
Cheers
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1/22/21 6:04 PM, lists.torproject.org@stein-io.de wrote:
Today I received a notification that my server is "under attack" since my server got over the threshold of 300k packets/s. At the time of the mail it seems to be about 450k pps .
I do run 2 Tor relays at 1 Hetzner host and do have rcpcks/s and txpcks/s of about 80,000 at that system combined for both relays.
tor-relays@lists.torproject.org
-
kagaminesama -
lists.torproject.org@stein-io.de -
Toralf Förster -
William Kane