[tor-relays] Sustained large spike in outbound traffic - what might be going on?

David Tomic david at tomic.com.au
Tue Dec 29 13:15:25 UTC 2015


Thanks guys.  I have been keeping a close(r) eye on this server since it
originally happened, but so far it seems to be behaving itself again.
I'll be ready to capture some more detailed data if it does decide to
happen again though.

On 29 December 2015 at 22:53, Tim Wilson-Brown - teor <teor2345 at gmail.com>
wrote:

>
> On 29 Dec 2015, at 22:44, Julien ROBIN <julien.robin28 at free.fr> wrote:
>
> Hi,
>
> In fact, this is strange because Upload means that the server is receiving
> something to send, idem for Downloads : upload and download should be the
> same if the Tor Process is used as server only (relay or exit).
>
>
> Yes, you're right, my original email was mistaken - any uploads or
> downloads go in via tor and out to the Internet (or vice versa).
>
> The only things I can think of that could cause an increase in outbound
> traffic are:
> * cell padding for many small internet server responses (up to 512x for a
> 1-byte response),
> * becoming a hidden service directory for a popular hidden service,
> * having a lot of clients download directory documents at once (this
> shouldn't happen, client directory downloads are randomised),
> * having clients make lots of DNS requests via your exit (again, this
> shouldn't happen, DNS requests are limited size).
>
> I don't know of any other attack or request that amplifies outbound
> traffic via tor or otherwise, but there may be some. Perhaps you could see
> what kind of traffic you are sending if it happens again. (It's hard to
> help without more information.)
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151230/0922eea6/attachment.html>


More information about the tor-relays mailing list