On 20 Dec (11:21:57), David Goulet wrote:
Hi everyone!
I'm David and I'm part of the core development team in Tor. A few minutes ago I just sent this to the tor-project@ mailing list about the DDoS the network is currently under:
https://lists.torproject.org/pipermail/tor-project/2017-December/001604.html
There is not much more to say about this right now but I wanted to thanks everyone here for running a relay, this situation is not pleasant for anyone especially for relay operators for which you need to deal with this attack (and extra bonus point during the holidays for some...).
Second, everyone who provided information, took the time to dig in this problem and sent their findings on this list was a HUGE help to us so again, thank you very much for this.
We will update everyone as soon as possible on the status of the tor releases that hopefully will contain fixes that should help mitigate this DDoS.
Hi again everyone!
We've just released 0.3.2.8-rc that contains critical fixes in order for tor to deal with the ongoing DDoS:
https://lists.torproject.org/pipermail/tor-talk/2017-December/043844.html
Packagers have been notified also so hopefully we might get them soonish.
If you are running a relay version >= 0.3.2.x (currently 281 relays in the network), please update as soon as you can with the latest tarball or latest git tag.
For the others still on <= 0.3.1.x, we do have a fix that hasn't been released yet and we'll hopefully have more soon.
In the meantime, I will repeat the recommendation we have until we can roll up more DoS defenses. If you are affected by this DDoS, set the MaxMemInQueues to a value that reflects the amount of *available free* RAM your machine, not the total amount of RAM.
For instance, if you have a server with 16GB of RAM but only 8GB are free, setting the MaxMemInQueues value to or below 8GB is the wise thing to do until this DDoS is resolved. Of course, the more you can offer the better!
The reason for this is to force "tor" to trigger its OOM (Out Of Memory handler) before it is too late. This won't reduce the load but it will make the relay stay alive, not go out of memory and hopefully stay in the consensus.
Thanks everyone for your help! David