anomaly: connectivity issues between internet locations and moria1's IP address
UPDATE: the entire 128.31.0.39 IP address is blackholed from some parts of the internet. So it is not a particular port being overwhelmed or something -- there is a router in the middle of the internet that has a 'drop' rule for this IP address!
Original ticket content:
We get periodic notices on the consensus-health list that
ERROR: Unable to retrieve the consensus from moria1 (http://128.31.0.39:9131/tor/status-vote/current/consensus): Failed to download from http://128.31.0.39:9131/tor/status-vote/current/consensus (URLError <urlopen error timed out>
I just tried it manually and yes indeed,
$ telnet 128.31.0.39 9131
Trying 128.31.0.39...
My dmesg has been spammed for years with messages like
possible SYN flooding on port 9131. Sending cookies.
but it seems we are in a new even more crowded stage now.
I am definitely receiving many many requests, so plenty of them are getting through, but I think even more are failing to get through.
The DDoS resistance mechanisms that we made involve having Tor receive the connection and then note that a particular IP address is being too loud, but if Tor never even receives the connection, those can't kick in. In this case weasel's iptables rules look like the wiser route.
The reason this matters to the network is that relays, including dir auths, use the (lighter weight) dirport to fetch new dir info and to post votes and signatures. I am not seeing problems with the hourly votes yet, so it is not critical, but it is definitely an anomaly.