[tor-relays] Guard node suddenly sending twice what it receives

teor teor2345 at gmail.com
Wed Dec 20 20:40:56 UTC 2017


> On 21 Dec 2017, at 06:29, Logforme <m7527 at abc.se> wrote:
> 
> My little guard node (855BC2DABE24C861CD887DB9B2E950424B49FC34) has suddenly started to behave strangely. iftop (my "bandwidth monitor") shows twice as much sent traffic as received traffic. The traffic seems to be distributed to a lot of IP addresses. No IP address stands out as receiving very much traffic: https://imgur.com/a/dAUzc
> 
> Given the last few days of DDoS attacks (my node is still targeted by those) I naturally assume this is another attack.
> First it is lots of connections (mitigated with connection limits)
> Then it is massive amounts of memory per circuit (MaxMemInQueues fixes that)
> And now this.
> 
> Could this be a third attack vector, or am I seeing something "normal" (though I often check my bandwidth and I've never seen this before)? My node recently got the HSDir flag after the last crash. Could the network be starved for HSDir machines and this is what I'm seeing?

This is normal for HSDirs and directory mirrors, because the requests
are smaller than the responses.

> Being a Linux noob, I don't know how to figure out exactly what kind of traffic this is. Suggestions gratefully accepted.

Check the logs, but they won't tell you much, and that's deliberate.

T

