[tor-relays] Tor Server - DDOS or High Load

webmaster at defcon-cc.dyndns.org webmaster at defcon-cc.dyndns.org
Thu Dec 4 07:40:00 UTC 2014


Ok,

I will reject this as a normal behavior of tor. My flags are actually:

HSDir, Running, V2Dir, Valid

To point 2: No, the addresses of the inbound traffic were from different
addresses.
I thought that it is not possible to force the traffic through a defined
route because, from my knowledge, the route is built by the network.
Sometimes I'm using my Tor Server as a Proxy for my local http traffic.
I think this is the only case where I can force my route to use my server
as an entry node.

Is it possible to flood the tor port directly with, for example, SYN floods?

If yes, is there an iptables rule which will reduce the number of
connections kept in the SYN state?

My Tor Info:
https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF520

Thanks for the reply



> Hey bud,
> Your adsl connection has a low advertised bandwidth, and doesn't make many
> connections with regards to tor; thus, the CPU usage is correct. Look up
> your server's fingerprint or nickname on Tor Globe to see how much of the
> tor network travels through your server.
> CPU load is usually associated with a lot of bandwidth or an inefficiency
> in the server. I've heard that a 100mbit tor server using full 12.5MB/s
> up/down will saturate the core dedicated to the Tor process; this is
> presumably why a lot of servers run multiple Tor instances on different
> cores and IP addresses. However, in your case, it is likely
> The large amount of connections is generally caused by a few things:
> 1. You've been running a very stable server for a long period of time and
> have sufficient bandwidth to provide connectivity for a large number of
> clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will
> likely result in more connections. This is not likely with your server,
> given your advertised bandwidth is only 68.44kb/s.
> 2. A single client is using your server for a lot of connections.
> 3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know
> if any have been documented.)
> 4. An attack against your server. This is very hard to do through the Tor
> network; an attack against a Tor relay using Tor is an attack against all
> Tor relays. HOWEVER, they could be attacking your port which you use to
> host your tor server.
> Just for reference, here's my tor stats:
> Advertised B/W: ~4MB/s
> Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1
> control)
> Tor is averaging 9%-13% CPU usage; 198MB memory.
> More info on my server:
> https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B
> I hope this answered your question, if not, send a reply and hopefully
> I'll reply sometime.
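
Added example, not part of the original message or the quoted reply: a relay operator can tell the cases discussed above apart (many ordinary clients, one busy client, or half-open connections piling up on the Tor port) by counting socket states per source in `/proc/net/tcp`. The ORPort value 9001, the sample rows and the thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

OR_PORT = 9001  # assumption: the post does not state the relay's ORPort
STATES = {"01": "ESTABLISHED", "03": "SYN_RECV", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout, trimmed to the four columns read
# below. IPv4 addresses are little-endian hex, ports are plain hex (0x2329 = 9001).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:2329 00000000:0000 0A
   1: 0A00000A:2329 010200C0:C350 01
   2: 0A00000A:2329 020200C0:C351 01
   3: 0A00000A:0016 057100CB:D903 01
   4: 0A00000A:2329 0A6433C6:8001 03
   5: 0A00000A:2329 0B6433C6:8002 03
   6: 0A00000A:2329 0C6433C6:8003 03
   7: 0A00000A:2329 0D6433C6:8004 03
   8: 0A00000A:2329 0E6433C6:8005 03
"""

def parse_proc_net_tcp(text):
    """Yield (local_port, remote_ip, state) for each IPv4 socket row."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].split(":")[1], 16)
        raw = bytes.fromhex(fields[2].split(":")[0])[::-1]   # undo little-endian
        yield local_port, str(ipaddress.IPv4Address(raw)), STATES.get(fields[3], fields[3])

def summarize(text, port=OR_PORT):
    """Count socket states on `port` and half-open (SYN_RECV) sockets per source."""
    states, half_open = Counter(), Counter()
    for local_port, remote_ip, state in parse_proc_net_tcp(text):
        if local_port != port or state == "LISTEN":
            continue
        states[state] += 1
        if state == "SYN_RECV":
            half_open[remote_ip] += 1
    return states, half_open

def assess(states, half_open, min_half_open=4, ratio=0.5):
    """Illustrative thresholds (assumptions): flag when SYN_RECV dominates."""
    syn, total = states["SYN_RECV"], sum(states.values())
    if syn < min_half_open or syn < ratio * total:
        return "normal"
    top = half_open.most_common(1)[0][1]
    return "single-source" if top > syn / 2 else "distributed"

if __name__ == "__main__":
    print(assess(*summarize(SAMPLE)), summarize(SAMPLE))
```

On a live Linux relay, pass the contents of `/proc/net/tcp` to `summarize()` instead of `SAMPLE`; IPv6 sockets live in `/proc/net/tcp6` and are not handled here.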



