[tor-relays] DirPort DOS activity against Fallback Directories

starlight.2017q4 at binnacle.cx starlight.2017q4 at binnacle.cx
Mon May 21 18:36:39 UTC 2018

At 18:29 5/21/2018 +0000, Logforme <m7527 at abc.se> wrote:
>How can I find this information on my relay? 

Is visible here


Click on the Bandwidth History "3-Month" tab.  Your relays
shows indications of excess load.  You can verify this on the
local system as follows:

>For those with DirPort configured, one can check for the
>problem by looking at the 'state' file with the command
>   egrep '^BWHistory.*WriteValues' state | tr ',' '\n'
>and calculating the percent BWHistoryDirWriteValues is
>relative to BWHistoryWriteValues for the same samples.
>Should be under 5%, more like 1-3%.  If 15% the attacker
>is harassing your relay.

The above was written for lower-bandwidth relays
of around 10MB/sec.  Faster relays show a smaller increase,
but if the absolute traffic level is on the order of
60MB or more attack is likely.  A more reasonable DirPort
traffic level is around 10M.

More information about the tor-relays mailing list