[tor-relays] Guard node suddenly sending twice what it receives
Logforme
m7527 at abc.se
Wed Dec 20 19:29:48 UTC 2017
My little guard node (855BC2DABE24C861CD887DB9B2E950424B49FC34) have
suddenly started to behave strangely. iftop (my "bandwidth monitor"),
shows twice as much sent traffic as received traffic. The traffic seems
to be distributed to a lot of ip addresses. No ip address stands out as
receiving very much traffic: https://imgur.com/a/dAUzc
Given the last few days of DDoS attacks (my node is still targeted by
those) I naturally assume this is another attack.
First it is lots of connections (mitigated with connection limits)
Then it is massive amounts of memory per circuit (MaxMemInQueues fixes
that)
And now this.
Could this be a third attack vector or am I seeing something "normal"
(though I often check my bandwidth and I've never seen this before). My
node recently got the HSDir flag after the last crash. Could the network
be starved for HSDir machines and this is what I'm seeing?
Being a linux noob I don't know how to figure out exactly what kind of
traffic this is. Suggestions gratefully accepted.
More information about the tor-relays
mailing list