[tor-relays] DirPort DOS activity against Fallback Directories

starlight.2017q4 at binnacle.cx starlight.2017q4 at binnacle.cx
Mon May 21 18:36:39 UTC 2018


At 18:29 5/21/2018 +0000, Logforme <m7527 at abc.se> wrote:
>
>How can I find this information on my relay? 
>(855BC2DABE24C861CD887DB9B2E950424B49FC34)
>

Is visible here

https://metrics.torproject.org/rs.html#details/855BC2DABE24C861CD887DB9B2E950424B49FC34

Click on the Bandwidth History "3-Month" tab.  Your relays
shows indications of excess load.  You can verify this on the
local system as follows:

>For those with DirPort configured, one can check for the
>problem by looking at the 'state' file with the command
>
>   egrep '^BWHistory.*WriteValues' state | tr ',' '\n'
>
>and calculating the percent BWHistoryDirWriteValues is
>relative to BWHistoryWriteValues for the same samples.
>Should be under 5%, more like 1-3%.  If 15% the attacker
>is harassing your relay.

The above was written for lower-bandwidth relays
of around 10MB/sec.  Faster relays show a smaller increase,
but if the absolute traffic level is on the order of
60MB or more attack is likely.  A more reasonable DirPort
traffic level is around 10M.



More information about the tor-relays mailing list