[tor-relays] Performance issues/DoS from outgoing Exit connections

Hello,

on the evening of 2022-10-18, we (Artikel10) started getting alerts about our Tor servers, while our traffic declined sharply. When we investigated, we found that there were hundreds of thousands of TCP connections (per server) open to a single address, orders of magnitude more than any other address. We blocked this address via “ExitPolicy reject”, then another one, and since then things seem to have improved.

I have thrown together a small Python script to detect this and generate “ExitPolicy reject” lines automatically:
https://github.com/artikel10/surgeprotector

This is still experimental, so if you decide to give the script a try, please keep an eye on it.

Kind regards,
Alexander

PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
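Since the thread does not include the script itself, here is an added example of the detection step described above (my own code, not the surgeprotector script): it parses the output of `ss -Htn state established`, counts established connections per remote address while skipping connections that arrived on the relay's own listening ports, and emits `ExitPolicy reject` lines for every destination at or above a threshold. The sample `ss` output, the ORPort 9001 and the threshold values are constructed for the example.

```python
"""Find destinations with an abnormal number of outgoing exit connections and
emit matching "ExitPolicy reject" lines (added example, not surgeprotector)."""
from collections import Counter
import ipaddress
import subprocess

# Constructed sample of `ss -Htn state established` output: Recv-Q, Send-Q,
# local address:port, peer address:port. Not a real capture.
SAMPLE_SS = """\
0 0 203.0.113.10:9001 198.51.100.7:51342
0 0 203.0.113.10:9001 198.51.100.8:40011
0 0 203.0.113.10:41200 192.0.2.44:443
0 0 203.0.113.10:41201 192.0.2.44:443
0 0 203.0.113.10:41202 192.0.2.44:443
0 0 203.0.113.10:41203 192.0.2.44:443
0 0 203.0.113.10:41204 192.0.2.99:443
0 0 [2001:db8::10]:41205 [2001:db8:ffff::1]:443
0 0 [2001:db8::10]:41206 [2001:db8:ffff::1]:443
0 0 [2001:db8::10]:41207 [2001:db8:ffff::1]:443
"""

# Assumed relay listening port; inbound OR connections must not be counted
# as exit traffic.
ASSUMED_ORPORT = 9001


def split_hostport(field):
    """Split 'addr:port' or '[v6addr]:port' into (canonical address, port)."""
    host, _, port = field.rpartition(":")
    return str(ipaddress.ip_address(host.strip("[]"))), int(port)


def count_peers(ss_output, ignore_local_ports=frozenset()):
    """Count established connections per remote address.

    Uses the last two columns, so it works with and without the State column
    (run ss without -p, which appends a process column). Connections whose
    local port is one of the relay's listening ports are inbound and skipped,
    so only the relay's own outgoing (exit) connections are counted.
    """
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _, local_port = split_hostport(fields[-2])
        if local_port in ignore_local_ports:
            continue
        peer_ip, _ = split_hostport(fields[-1])
        counts[peer_ip] += 1
    return counts


def reject_lines(counts, threshold):
    """One 'ExitPolicy reject' line per destination at or above threshold,
    busiest first. These lines must come before 'accept *:*' in torrc,
    because tor applies the first matching ExitPolicy entry."""
    lines = []
    for ip, n in counts.most_common():
        if n < threshold:
            break
        if ipaddress.ip_address(ip).version == 6:
            lines.append(f"ExitPolicy reject [{ip}]/128:*")
        else:
            lines.append(f"ExitPolicy reject {ip}/32:*")
    return lines


def live_ss_output():
    """Current established TCP connections from the local ss(8)."""
    return subprocess.run(
        ["ss", "-Htn", "state", "established"],
        capture_output=True, text=True, check=True,
    ).stdout


if __name__ == "__main__":
    import sys
    threshold = int(sys.argv[1]) if len(sys.argv) > 1 else 100_000
    for line in reject_lines(count_peers(live_ss_output(), {ASSUMED_ORPORT}), threshold):
        print(line)
```

Append the generated lines above the final `accept *:*` in torrc and reload tor (SIGHUP or `systemctl reload tor`); the threshold should be set well above the busiest legitimate destination seen on the relay.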

IMO a "reload tor" is fully sufficient and should be preferred over
"restart", or ?

Years ago I wrote a bash script which created its own file for each IP to be
blocked. Such a file can be easily removed and then tor reloaded to
unblock that IP ;-)


On 10/21/22 22:09, Alexander Dietrich wrote:

> This is still experimental, so if you decide to give the script a try,
> please keep an eye on it.

--
Toralf

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Just tested because Applied Privacy and I have the problem that the exit
policy rules do not work with some IPs¹.

Last night at 10pm: IP 79.137.192.228 had 500k connections. Added the IP to
the exit policy and reloaded tor.

Policy in that order:
ExitPolicy reject 79.137.192.228/32:*
ExitPolicy reject *:22
ExitPolicy reject *:25
ExitPolicy accept *:*

12 hours later the IP still has over 100k connections.
-> systemctl restart tor
1 hour later the IP has 0 connections :-)

¹ Tor GitLab issue tor#40676, "ExitPolicy is ignored: tor creates outbound connections to destinations rejected by ExitPolicy"


On Saturday, 22 October 2022 22:40:38 CEST Toralf Förster wrote:

> On 10/21/22 22:09, Alexander Dietrich wrote:
> > This is still experimental, so if you decide to give the script a try,
> > please keep an eye on it.
>
> IMO a "reload tor" is fully sufficient and should be preferred over
> "restart", or ?
>
> Years ago I wrote a bash script which created its own file for each IP to be
> blocked. Such a file can be easily removed and then tor reloaded to
> unblock that IP ;-)

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
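As an added check (my own example, not code from the thread or from tor), the following evaluates a torrc ExitPolicy the way tor does, first matching entry wins, so one can confirm that the four-line policy quoted above rejects 79.137.192.228 on every port and that none of its entries is shadowed by an earlier catch-all; the continued connections Marco saw are therefore not a policy-ordering mistake. It assumes plain `accept`/`reject` lines with an IPv4/IPv6 address, a CIDR prefix or `*`, and it treats "no matching entry" as accept, which is a simplification: tor itself appends its default policy.

```python
"""Minimal first-match evaluator and shadowing check for torrc ExitPolicy
lines (added example; tor's own policy code is more complete)."""
import ipaddress

ALL_PORTS = (1, 65535)

# Policy from the message above, in the order given there.
MARCO_POLICY = [
    "ExitPolicy reject 79.137.192.228/32:*",
    "ExitPolicy reject *:22",
    "ExitPolicy reject *:25",
    "ExitPolicy accept *:*",
]

# Constructed counter-example: the catch-all accept comes first, so the
# reject below it can never match.
BAD_ORDER = [
    "ExitPolicy accept *:*",
    "ExitPolicy reject 79.137.192.228/32:*",
]


def _parse_ports(spec):
    """'*' -> all ports, 'N' -> (N, N), 'A-B' -> (A, B)."""
    if spec == "*":
        return ALL_PORTS
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), (int(hi) if hi else int(lo))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def parse_policy(lines):
    """Turn 'ExitPolicy accept|reject ADDR[/MASK]:PORTS' lines into
    (action, network-or-None, (lo, hi)) rules, keeping their order."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ExitPolicy" or parts[1] not in ("accept", "reject"):
            raise ValueError(f"unsupported line: {line!r}")
        addr, _, ports = parts[2].rpartition(":")
        addr = addr.replace("[", "").replace("]", "")  # IPv6 is written in brackets
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        rules.append((parts[1], net, _parse_ports(ports)))
    return rules


def matching_rule(rules, ip, port):
    """Index of the first rule matching ip:port, or None. Tor walks the
    policy top to bottom and stops at the first entry that matches."""
    ip = ipaddress.ip_address(ip)
    for i, (_, net, (lo, hi)) in enumerate(rules):
        if (net is None or ip in net) and lo <= port <= hi:
            return i
    return None


def exit_allowed(rules, ip, port):
    """True if the policy lets the exit connect to ip:port. A miss falls
    through to accept here (assumption for this example; tor appends its
    default policy instead)."""
    i = matching_rule(rules, ip, port)
    return True if i is None else rules[i][0] == "accept"


def shadowed_rules(rules):
    """Indices of rules that can never match because an earlier rule already
    covers every address and every port."""
    for i, (_, net, ports) in enumerate(rules):
        if net is None and ports == ALL_PORTS:
            return list(range(i + 1, len(rules)))
    return []


if __name__ == "__main__":
    rules = parse_policy(MARCO_POLICY)
    print("79.137.192.228:443 allowed:", exit_allowed(rules, "79.137.192.228", 443))
    print("shadowed entries in bad order:", shadowed_rules(parse_policy(BAD_ORDER)))
```

Running `shadowed_rules` over a torrc before reloading is a cheap way to catch an `accept *:*` that was left above newly appended reject lines.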

Toralf Förster <toralf.foerster@gmx.de> wrote on 22.10.2022 22:40 CEST:

> IMO a "reload tor" is fully sufficient and should be preferred over
> "restart", or ?

A "reload" will update the ExitPolicy, but not drain existing connections very quickly, at least on our servers. Feel free to use whatever your preferred command/script is, though.

Kind regards,
Alexander
