[tor-relays] Tor Server - DDOS or High Load

Martin hardlined at gmail.com
Thu Dec 4 12:09:37 UTC 2014


High system load does not necessarily mean high CPU usage; the CPU could be
busy in the "iowait" state waiting for open file descriptors. I would
try increasing your ulimit -n to something like 2048 or 4096. 1024 is
probably meant for normal desktop users, but since you are running a
service with multiple incoming and outgoing connections, that is your
bottleneck (Tor even tells you so).

For reference, I currently have my open file descriptors set to 262144, of
which about 45k are being used. The init.d scripts of the Debian and Ubuntu
packages set this to 32768 by default when starting up.

On Thu, Dec 4, 2014 at 7:40 AM, <webmaster at defcon-cc.dyndns.org> wrote:

> Ok,
>
> I will reject this as a normal behavior of tor. My flags are actually:
>
> HSDir, Running, V2Dir, Valid
>
> To point 2: No, the addresses of the inbound traffic were from different
> addresses.
> I thought that it is not possible to force the traffic through a defined
> route because from
> my knowledge the route is built by the network. Sometimes I'm using my Tor
> Server as a Proxy for my local http traffic. I think this is the only case
> where I can force my route to use my server as an entry node.
>
> Is it possible to flood the tor port directly with for example syn floods?
>
> If yes, is there an iptables rule which will reduce the amount of
> connections kept in the syn state?
>
> My Tor Info:
>
> https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF520
>
> Thanks for the reply
>
>
>
> > Hey bud,
> > Your ADSL connection has a low advertised bandwidth, and doesn't make many
> > connections with regards to tor; thus, the CPU usage is correct. Look up
> > your server's fingerprint or nickname on Tor Globe to see how much of the
> > tor network travels through your server.
> > CPU load is usually associated with a lot of bandwidth or an inefficiency
> > in the server. I've heard that a 100mbit tor server using full 12.5MB/s
> > up/down will saturate the core dedicated to the Tor process; this is
> > presumably why a lot of servers run multiple Tor instances on different
> > cores and IP addresses. However, in your case, it is likely
> > The large amount of connections is generally caused by a few things:
> > 1. You've been running a very stable server for a long period of time and
> > have sufficient bandwidth to provide connectivity for a large number of
> > clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will
> > likely result in more connections. This is not likely with your server,
> > given your advertised bandwidth is only 68.44kb/s.
> > 2. A single client is using your server for a lot of connections.
> > 3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know
> > if any have been documented.)
> > 4. An attack against your server. This is very hard to do through the Tor
> > network; an attack against a Tor relay using Tor is an attack against all
> > Tor relays. HOWEVER, they could be attacking your port which you use to
> > host your tor server.
> > Just for reference, here's my tor stats:
> > Advertised B/W: ~4MB/s
> > Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1
> > control)
> > Tor is averaging 9%-13% CPU usage; 198MB memory.
> > More info on my server:
> > https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B
> > I hope this answered your question, if not, send a reply and hopefully
> > I'll reply sometime.
>
>
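The headroom figure given in the reply above (descriptors in use against the configured limit) can be read directly from /proc on Linux. The script below is an added example, not part of the original thread; the function names, the 80% warning threshold and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: descriptor headroom check for a relay process.

# Soft "Max open files" value from a /proc/<pid>/limits-format file.
max_open_files() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Number of entries in a /proc/<pid>/fd-style directory.
fd_count() {
    echo $(( $(ls -A "$1" | wc -l) ))
}

# Print "used/limit (pct%)". Returns 1 once usage reaches the threshold
# (default 80%, an assumed value), 2 if no usable limit was found.
fd_headroom() {
    limit=$(max_open_files "$1")
    used=$(fd_count "$2")
    case "$limit" in
        ''|0|*[!0-9]*) echo "no usable limit in $1" >&2; return 2 ;;
    esac
    pct=$(( used * 100 / limit ))
    echo "$used/$limit ($pct%)"
    [ "$pct" -lt "${3:-80}" ]
}

# Constructed sample: the 1024 soft limit discussed in the thread and a
# directory standing in for /proc/<pid>/fd with 900 open descriptors.
demo=$(mktemp -d)
mkdir "$demo/fd"
printf '%-26s%-21s%-21s%s\n' Limit 'Soft Limit' 'Hard Limit' Units \
    'Max open files' 1024 4096 files > "$demo/limits"
i=0
while [ "$i" -lt 900 ]; do : > "$demo/fd/$i"; i=$((i + 1)); done

fd_headroom "$demo/limits" "$demo/fd" ||
    echo "descriptor usage is near the limit; raise ulimit -n"
rm -rf "$demo"

# Against a live relay (as root or the tor user):
#   pid=$(pidof tor); fd_headroom "/proc/$pid/limits" "/proc/$pid/fd"
```

Reading another user's /proc/<pid>/fd requires root or that user's own account, so run the live check with the same privileges the relay runs under.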