-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
[moved to tor-relays]
Hi relay ops,
please consider having a regular look at your logs after upgrading to the latest tor releases to spot relay_early attacks (even if the attack origin is not directly attributable from a relays point of view).
searching your logs for
'Received an inbound RELAY_EARLY cell'
should do it.
https://gitweb.torproject.org/tor.git/commitdiff/68a2e4ca4baa595cc4595a511db...
It doesn't have to decrypt the stream to see it, because whether a cell is relay or relay_early is a property of the (per hop) link, not a property of the (end-to-end) stream.
Does a patched relay also create a log entry as soon as it "kills" the circuit or is logging only happening on tor instances acting as clients?
The patched relay also does a log message, yes.
But the relay can only see its immediate neighbor in the circuit, so it will only log that. Whether the attacking relay is that (adjacent) one, or one farther on the circuit, isn't something your relay can learn.