On 1/15/24 3:19 PM, Chris Enkidu-6 wrote:
I've noticed a new kind of possible attack on some of my relays, as early as Dec.23 which causes huge spikes of outbound traffic that eventually maxes out RAM and crashes Tor. The newest one today lasted for 5 hours switching between two of the three relays on the same IP.
I have included charts and excerpts from the log in my post in Tor forum at below link:
I've noticed this as well, on 0.4.8.10 across FreeBSD and Alpine platforms, against relays too new to receive any meaningful traffic from regular clients. MaxMemInQueues does not prevent the relay's eventual saturation of available memory on the system. The relays operated as exit nodes.
We're low on memory (cell queues total alloc: 6336 buffer total alloc: 1556480, tor compress total alloc: 1073827425 (zlib: 0, zstd: 0, lzma: 1073827249), rendezvous cache total alloc: 0). Killing circuits│withover-long queues. (This behavior is controlled by MaxMemInQueues.)