[tor-relays] Ongoing DDoS on the Network - Status

David Goulet dgoulet at torproject.org
Thu Dec 21 20:57:13 UTC 2017


On 20 Dec (11:21:57), David Goulet wrote:
> Hi everyone!
> 
> I'm David and I'm part of the core development team in Tor. A few minutes ago
> I just sent this to the tor-project@ mailing list about the DDoS the network
> is currently under:
> 
> https://lists.torproject.org/pipermail/tor-project/2017-December/001604.html
> 
> There is not much more to say about this right now but I wanted to thanks
> everyone here for running a relay, this situation is not pleasant for anyone
> especially for relay operators for which you need to deal with this attack
> (and extra bonus point during the holidays for some...).
> 
> Second, everyone who provided information, took the time to dig in this
> problem and sent their findings on this list was a HUGE help to us so again,
> thank you very much for this.
> 
> We will update everyone as soon as possible on the status of the tor releases
> that hopefully will contain fixes that should help mitigate this DDoS.

Hi again everyone!

We've just released 0.3.2.8-rc that contains critical fixes in order for tor
to deal with the ongoing DDoS:

https://lists.torproject.org/pipermail/tor-talk/2017-December/043844.html

Packagers have been notified also so hopefully we might get them soonish.

If you are running a relay version >= 0.3.2.x (currently 281 relays in the
network), please update as soon as you can with the latest tarball or latest
git tag.

For the others still on <= 0.3.1.x, we do have a fix that hasn't been released
yet and we'll hopefully have more soon.

In the meantime, I will repeat the recommendation we have until we can roll up
more DoS defenses. If you are affected by this DDoS, set the MaxMemInQueues to
a value that reflects the amount of *available free* RAM your machine, not the
total amount of RAM.

For instance, if you have a server with 16GB of RAM but only 8GB are free,
setting the MaxMemInQueues value to or below 8GB is the wise thing to do until
this DDoS is resolved. Of course, the more you can offer the better!

The reason for this is to force "tor" to trigger its OOM (Out Of Memory
handler) before it is too late. This won't reduce the load but it will make
the relay stay alive, not go out of memory and hopefully stay in the
consensus.

Thanks everyone for your help!
David

-- 
DMdcRweJVXVbzthX2gDiX2OwwF5dP4HgkREJLd+rUJM=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171221/9e2effeb/attachment.sig>


More information about the tor-relays mailing list