[tor-relays] A bit more evidence on circuit creation storms
Gordon Morehouse
gordon at morehouse.me
Sat Aug 31 01:58:14 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Since I originally started keeping an eye on these on my Raspberry Pi
relay (read: slow, resource-limited), I've got to wonder if the
circuit creation storms I was seeing months ago weren't normal network
phenomena but some kind of test run.
We are talking going from 50-250 circuits to thousands of requests per
*second* out of nowhere, and then if the machine survived it, the
storm disappearing as suddenly as it came. This was happening months
ago, but less frequently and only on lower-end hardware. Now it's
happening everywhere.
Even if the previous case *were* "normal" Tor network operation, I'd
say it's a bug, but I'm suspicious that it was whatever is going on
now in its test phase.
tor at t-3.net:
> Also see a repeat of the odd log message with the 154.x net address
> someone else described with the huge hexidecimal string (40 hex
> chars, + sign, 40 more, on and on).
Here as well. I believe this is the sign of an overloaded Tor
directory server.
>> Over roughly the same time frame I received an incredibly high
>> number of spam e-mails in one e-mail account that normally gets
>> 20 or so a day on quiet days. Perhaps this is another example
>> of mal-ware in action.
Funny, one of the dropped connections during my storm last night was
to port 993... :P
Best,
- -Gordon M.
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJSIU2zAAoJED/jpRoe7/ujMm4H/iruokRzfasoJy7jdXF0bMJT
5W94DUUzZJV+XbJIr208PxKFmElOUKLP/L/1Dqlx8csPFqqi6pN4yvBC26QMgxhh
lrcnyV0PaUAc8rwhK9cVKwl/JIoxsHFxpxL1fJBAbO9vzyr5XxKyCwiSNuIco7ip
RZEQc8/3pr/TsivTWUwSNcFtDUiFLi7+IrvGcPNG3bSbOfLhXzzfQ1SILzoy4ddm
jFW31hw/O8/J/P0XC2SbH1n1NsW7GdhhOQMoIx66d/znhy4ir9k7vdcq4MNoYwTx
SSGZc6HcZysmG78fMe7Eo00kv5sLygZnkGhZkFZEzKcjaKJoopFqnCLd60iW1lQ=
=SaO7
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x1EEFFBA3.asc
Type: application/pgp-keys
Size: 1749 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130830/2d4f7e80/attachment.key>
More information about the tor-relays
mailing list