
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?

awffelwaffels via tor-relays:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
You could mail the bad-relays mailing list with your findings, so the bad-relays team can investigate further.

Hi On 3/3/22 21:12, awffelwaffels via tor-relays wrote: [..] ffelwaffels via tor-relays:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
[..]
Do you mean behavior like the following? Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6 Cross-check: https://mcp.loki.tel/munin/par.exit.tor.loki.tel/12.par.exit.tor.loki.tel/to... Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6 Cross-check: https://mcp.loki.tel/munin/vie.exit.tor.loki.tel/04.vie.exit.tor.loki.tel/to... I am not sure about this either. But I can't confirm this increase in my Munin graphs or on the server itself. -- Martin

Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list? Thanks for the help. Eldalië On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays <tor-relays@lists.torproject.org> wrote:
-- Eldalië My private key is attached. Please, use it and provide me yours!

Eldalië via tor-relays:
No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See: https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40... for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it. Georg

On 3/3/22 20:01, awffelwaffels via tor-relays wrote:
Hi, This was a bug that was briefly introduced between yesterday afternoon and early morning today (UTC times). I have reverted the commit this morning around 5.00 AM (UTC) so you should start seeing your graphs back to normal. Thanks for noticing and apologies for that. Cheers, -hiro
participants (5)
-
awffelwaffels
-
Eldalië
-
Georg Koppen
-
Martin Gebhardt
-
Silvia/Hiro