My two cents to previous discussions: https://lists.torproject.org/pipermail/tor-talk/2016-March/040639.html https://lists.torproject.org/pipermail/tor-talk/2016-April/040816.html https://lists.torproject.org/pipermail/tor-talk/2016-June/041058.html
Admin of another hidden service told people he saw the same thing. One day before his server was seized by authorities he found frequently jumping connection speed from 500 Kbit/s to 15 Mbit/s. It isn't clear when the attack was started, but one week before the server's seizure he didn't see anything suspicious. A total lifetime of his server was about 3 months. Admin thinks it could be remote traffic shaping attack (DoS) which helped authorities to discover IP address of his hidden service. In normal operation mode the server speed was about 1 Mbit/s without any jumps. During attack he saw these speed jumps on the client side, but cannot sure the same was seen on the server side. To get more information he wants to enable advanced network logging for his other hidden services which can be attacked. His hidden service was running inside VM, Tor client was running on real hardware and iptables rules were blocking all non-Tor connections from VM. Most likely it isn't a problem on the application side (HTTP server). -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
