[tor-relays] 100K circuit request per minute for hours killed my relay
teor
teor2345 at gmail.com
Thu Jul 27 23:48:19 UTC 2017
> On 28 Jul 2017, at 03:48, Vort <vvort at yandex.ru> wrote:
>
>> This sort of thing has been going on for many years. I used to refer
>> to it as "mobbing". As nearly as I was ever able to determine, the behavior
>> is an unintended consequence of hidden services.
>
> Same thing started to happen today and I have noticed that 100% CPU
> usage spikes happens every hour and lasts for several minutes.
> During this spikes, all cores of CPU are used and stack trace points
> somewhere at worker_thread_main() function.
> Also today relay have more connections than usually (5500 vs 2000-3000).
> Is this pattern matches the characteristics of hidden services work?
...
> Jul 27 18:08:31.000 [notice] Circuit handshake stats since last time: 5198/5200 TAP, 3994625/3995090 NTor.
TAP is used for hidden services to connect to intro and rendezvous
points, and you're not seeing many extra TAP connections.
So *if* this is related to hidden services, it is not connecting to the
hidden service directly. Instead, it is sending (exit?) traffic through
the relays in the hidden service circuit.
The upcoming link padding may partially defend against this, depending
on whether guard nodes are being targeted. Otherwise, we would need to
use circuit padding, which is an area of active research.
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170728/807cc460/attachment.sig>
More information about the tor-relays
mailing list