1

I'm a user with a consumer level modem and a plain wifi router. I have been seeing activity where for long periods of time over night, my internet connection will shut off for 10-20 minutes at a time. I have a suspicion that my ToR mid-node is being DDOSed. However, this is not easy to diagnose with the equipment I have, as any DDOS has the same symptoms as other problems. The logs which would normally be available on professional and enterprise equipment are not something that I have access to.

During the outages, all nodes are reachable on the network, including the router.

With only consumer-grade equipment, how can one diagnose whether an outage is due to a DDOS, or not due to a DDOS?

Improve this question
4
  • 1
    "... my internet connection will shut off for 10-20 minutes" - If your internet connection is actually shut off (instead of just occupied by traffic) then you cannot see what traffic this might have caused since the traffic is only visible at the ISP end. So you need to check with your ISP what is happening.
    – Steffen Ullrich
    Commented Jun 10 at 5:34
  • What logs do you have access to? and this sounds like an ISP support question.
    – schroeder
    Commented Jun 10 at 7:30
  • This could be a network configuration issue. If the Internet "shuts off", then try to determine what works and doesn't. For example, try pinging an IP address, and if it work, then you may have a DNS issue. You should have a look at your routing table too. Your network topology is not known, for example are you accessing the Internet through the Tor relay you set up? If yes, what happens if you bypass it? And in fact, your Tor box may already have tools available but here is one for you.
    – Kate
    Commented Jun 10 at 18:59
  • OP, what do the Tor logs show? Just saw this question now but it has taken my interest. Do you have any more information?
    – security_paranoid
    Commented Jun 29 at 0:46

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .