This morning I got my first Tor traffic flood since upgrading to 2.4.x. Logs didn't say anything about not being able to handle the amount of circuit creation requests, but it showed a 200x increase in active TAP circuits (~400k/hour) and the traffic pattern is the same: Advertising 100kb bandwidth, but slammed with ~2Mb traffic.
When I saw it, I checked my relay's flags, and it has the stable flag, and has been tagged stable for at least 3 days. It's been up for 7 days.
I would love to contribute data to help correlate w/ your findings Gordon. Any metrics or logs that would be particularly helpful? I currently use NTop to measure traffic, but it's not very granular.
I also currently don't use any iptables rules to throttle, but am happy to experiment with that if you want me to try out any particular configurations.
Dan
On 11/01/2013 05:30 PM, Gordon Morehouse wrote:
huh, well, near as I can tell, I didn't get Stable for any time represented yesterday (2013-10-31) for the node VastCatbox.
So maybe that theory is incorrect. In that case I don't know what would trigger the SYN flood behavior other than Roger's idea about becoming an introducer for a popular HS, but... eh... seems like a stretch, a node offering 2.5Mbps that isn't flagged Stable?
-Gordon
On Fri, 1 Nov 2013 13:10:17 +0100, David Serrano tor@dserrano5.es wrote:
On 2013-10-31 10:04:02 (-0700), Gordon Morehouse wrote:
I can't verify it, but my suspicion is this is happening when I get my Stable flag (I have no idea if I'd gotten it back this morning or not) or shortly thereafter.
You can use https://metrics.torproject.org/relay-search.html and enter your IP address to figure that out.
-- David Serrano GnuPG id: 280A01F9 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays