Greetings,<br><br>I just recently started running an exit node (newbie) on a vps and have a few questions that I didn't seem to find googling.<br><br>I am running tor-devel-0.2.2.5.alpha with openssh-portable-overwrite-base-5.2.p1_2,1 and privoxy 3.0.12 (plus fail2ban python25) on freebsd 7.2 amd64 on a quad core 2.4 ghz c2d VPS<br>
<br>The one issue that I'm a little perplexed on and I'm not really sure what it can be is my load averages. Nothing is running on the machine except what is required to run Tor.<br>sendmail and bsnmpd does run but those processes couldn't account for the loads..<br>
An example is 1 user, load averages: 1.32, 0.81, 0.79<br>The nic on the machine is re0 and I have enabled device polling in the kernel.<br>The machine is pushing anywhere from 1-2.~ MB/s <br>I understand the load will increase with the traffic yet these load avg's seem pretty high for that amount of traffic. No errors are given about running out of open sockets and their is plenty of openfiles overhead for the system as well.<br>
I'm not sure if this is to be expected or if I can tune this VPS to ease the load a little more?<br>My fbsd machine (7.2 amd64) here at home doesn't exhibit the same load when I hammer the network interface but it's a different nic and isn't a VPS..<br>
This all may be normal (load avg) but since this is the first time I am wading in the pool I thought I'd ask if anyone can confirm this is to be expected or if I should tune another system variable to try and lower my loads more. <br>
Maybe relevant or not yet;<br>I read one of the operators (blutmagie?) compiled openssl with icc and they saw some performance gain but it seems icc will not install on the amd64 platform. I was curious to try that though. If there is some compiling options on the amd64 platform I can try I would be willing.<br>
<br>Next; I am curious about privoxy, does anyone have it configured with their ip<br>in the listen address or do they leave it as 127.0.0.1? <br>listen-address <a href="http://127.0.0.1:8118">127.0.0.1:8118</a><br>I would like to be able to connect to the machine directly myself, to hop onto the tor network,<br>
and this seems the place to do so. What vulnerabilities does one open up though by allowing anyone to connect to that? It's chained to Tor but again I'm not sure if that is such a good idea or not to open it. ( I originally had it configured to my machine ip and I could indeed connect to the Tor network but changed it back until I could hear feedback on this)<br>
<br>One last question is..<br>Is it normal for Tor nodes to get hammered with this in their web logs?<br>client sent invalid method while reading client request line, "^SBitTorrentprotocol^@^@^@^@^@^P^@^EEÀEíT+A°^U^R"<br>
I recorded over 2k of these hits in the first hour Tor was running. When I initially ran Tor<br>I wasn't getting these, when I first logged into the VPS I wasn't getting these, I can't quite give an exact time frame when these started happening but it wasn't long after I had Tor running for about an hour and than these started coming and haven't stopped.<br>
I actually shut down the web server because of the loads I'm currently experiencing and didn't want a connection every 3 seconds of this garbage.<br>I understand people will run torrents through Tor but this doesn't seem to be the case, it appears that this VPS IP somehow was tied into a seed box somewhere at some time. <br>
Maybe it is an exploit and now that the IP is live everyone in china is trying for a fresh piece of meat..<br><br>Here is some output, this is mostly httpd with some sshd connections thrown in.<br>The bulk of these came in the first 15 minutes of the server starting and the web server automatically running before I could shut it down.<br>
ipfw show | grep 400 -c (400 being the rule for all of these connections)<br>3311<br> uptime<br>11:14AM up 18:38, 1 user, load averages: 0.60, 0.82, 0.82<br><br>now here are some numbers when I start the web server back up in comparison..<br>
ipfw show | grep 400 -c<br>3482<br> uptime<br>11:30AM up 18:54, 1 user, load averages: 1.48, 0.97, 0.87<br>those 100 extra bans all came in the whole 1:30 of running the server.<br><br>That's all that I can think of for now that I have been wondering about for the last few days.<br>
<br>Thanks<br>Mike<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>