On 28 Jul 2017, at 03:48, Vort vvort@yandex.ru wrote:
This sort of thing has been going on for many years. I used to referto it as "mobbing". As nearly as I was ever able to determine, the behavior is an unintended consequence of hidden services.
Same thing started to happen today and I have noticed that 100% CPU usage spikes happens every hour and lasts for several minutes. During this spikes, all cores of CPU are used and stack trace points somewhere at worker_thread_main() function. Also today relay have more connections than usually (5500 vs 2000-3000). Is this pattern matches the characteristics of hidden services work?
...
Jul 27 18:08:31.000 [notice] Circuit handshake stats since last time: 5198/5200 TAP, 3994625/3995090 NTor.
TAP is used for hidden services to connect to intro and rendezvous points, and you're not seeing many extra TAP connections.
So *if* this is related to hidden services, it is not connecting to the hidden service directly. Instead, it is sending (exit?) traffic through the relays in the hidden service circuit.
The upcoming link padding may partially defend against this, depending on whether guard nodes are being targeted. Otherwise, we would need to use circuit padding, which is an area of active research.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------