<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font size="-1"><font face="Arial">You may want to check these
links:</font></font></p>
<p><font size="-1"><font face="Arial"><a class="moz-txt-link-freetext" href="https://gitlab.torproject.org/tpo/community/support/-/issues/40093">https://gitlab.torproject.org/tpo/community/support/-/issues/40093</a></font></font></p>
<p><font size="-1"><font face="Arial"><a class="moz-txt-link-freetext" href="https://github.com/Enkidu-6/tor-ddos">https://github.com/Enkidu-6/tor-ddos</a></font></font></p>
<p><font size="-1"><font face="Arial"><a class="moz-txt-link-freetext" href="https://github.com/toralf/torutils">https://github.com/toralf/torutils</a></font></font></p>
<p><font size="-1"><font face="Arial"><br>
</font></font></p>
<div class="moz-cite-prefix">On 10/19/2022 8:47 AM, Logforme wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ee3ab4a7-5d5e-36a1-b62f-f7872394decd@abc.se">I run the
relay 8F6A78B1EA917F2BF221E87D14361C050A70CCC3
<br>
<br>
Like most relays mine has been targeted by the DoS attack.
Hundreds of VPS IPs creating millions of IP connections. This I
mitigated with rules in my firewall. Looking at the firewall
counters it looks like that attack has now stopped.
<br>
<br>
However the relay is still overloaded from lots of circuit
creations. Normally my little relay reports around 100K circuits
open in the log file but since the overloading started it's closer
to 1M circuits open. All these circuit creations put a strain on
the CPU, sometime pegging it at 100% (4 core i5-4670K CPU @
3.40GHz). Worse, it seems to eat memory. Normally the tor process
uses about 3GB (out of 8GB) but I have seen it quickly shoot up to
using all memory and all swap. I assume this is because of the
circuit creation DoS (it's new behavior) and what causes the oom
killer to kill the tor process at least once a day or so.
<br>
<br>
So, how do I mitigate the circuit creation DoS? My immediate
thought is to identify if there are a few IPs responsible for the
majority and add those to my firewall naughty list.
<br>
<br>
Is there a way to query the tor process about number of open
circuits mapped to IP addresses?
<br>
_______________________________________________
<br>
tor-relays mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
<br>
</blockquote>
</body>
</html>