Tor load averages, openssl performance and misc related questions -amd64-freebsd

Roger Dingledine arma at mit.edu
Wed Nov 25 01:03:22 UTC 2009 

On Tue, Nov 24, 2009 at 11:40:00AM -0500, Mike L wrote:
> I just recently started running an exit node (newbie) on a vps and have a
> few questions that I didn't seem to find googling.

Thanks for helping out with the network. :)

> The one issue that I'm a little perplexed on and I'm not really sure what it
> can be is my load averages. Nothing is running on the machine except what is
> required to run Tor.
> sendmail and bsnmpd does run but those processes couldn't account for the
> loads..
> An example is  1 user, load averages: 1.32, 0.81, 0.79

Tor, when it's pushing megabytes per second, will use quite a bit of
your cpu. So it's not usual of see a non-zero load average.

> Next; I am curious about privoxy, does anyone have it configured with their
> ip
> in the listen address or do they leave it as 127.0.0.1?
> listen-address 127.0.0.1:8118
> I would like to be able to connect to the machine directly myself, to hop
> onto the tor network,
> and this seems the place to do so. What vulnerabilities does one open up
> though by allowing anyone to connect to that? It's chained to Tor but again
> I'm not sure if that is such a good idea or not to open it. ( I originally
> had it configured to my machine ip and I could indeed connect to the Tor
> network but changed it back until I could hear feedback on this)

It's probably a bad idea, for a few reasons.

- You're exposing an open web proxy, so any jerks out there who make
  lists of open web proxies will eventually find it and put you on their
  list. They may have no idea what Tor is. This would increase the set
  of bad people using Tor. (In my ideal world everybody on the Internet
  would be nice, but I think it's still fair to say that of the people
  on the Internet who want an open proxy, the ones who choose Tor are
  nicer than average.)

- If you let an attacker use the same Tor client as you use, it
  introduces new anonymity attacks. The main reason is because you're
  sharing the same circuits as he is, so if he can a) learn where those
  circuits exit, or b) influence where they exit, then things start to
  get fragile.

For those reasons, if you want to use that Tor as your client, you
probably should make sure that nobody else gets to. One way to do that
would be to set up an stunnel.

But there's a third thing to consider too:

If you're going to be using Tor somewhere else, you could just run your
Tor client there. Then you wouldn't be adding in an extra hop to your
Tor experience, and you also wouldn't be introducing an extra location
for your traffic to be watched. This part is much fuzzier -- it depends
who might be interested in your traffic and what capabilities they have.

Andrew's idea of configuring your Tor relay as a bridge node is a nice
compromise between the two ideas.

> One last question is..
> Is it normal for Tor nodes to get hammered with this in their web logs?
> client sent invalid method while reading client request line,
> "^SBitTorrentprotocol^@^@^@^@^@^P^@^EEÀEíT+A°^U^R"
> I recorded over 2k of these hits in the first hour Tor was running.

My guess is somebody is using your exit relay to transit bittorrent
traffic, and somehow they signed up your IP address, port 80, on some
tracker. So a lot of other clients are automatically trying to interact
with you.

Maybe some trackers automatically add your IP address as somebody worth
contacting, if they see any connections from your address?

--Roger

More information about the tor-relays mailing list