[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] A new kind of attack?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] A new kind of attack?
From: Jordan Savoca via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jan 2024 15:48:02 -0700
Cc: Jordan Savoca <me@xxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 16 Jan 2024 02:03:26 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1705388560; bh=brvHz3vkaiR2CyxPxGGkseOvKif1EbUkd9YlDDKN+/M=; h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=v9tCnHT8v1OoA9XvzUytkvkCCwWgSizW/UwQUwJ01IJK3PXUqW/AxoItcnZ89wkpX 6EXeJMPkRPSAIQBKqGN8+YGy/F7m6W0Gp4FF5Ug33orEFaT+QZN8RxBs01Q5w6ZqfW H1E75wk1Ql54XhVXIl0v/i14YeL1Psqdt4Dn53oDb+XlJ0ESE1ez3JdPV1mBsF/pGI JVfv0j/JXkewrcH40vSgQmWWrXAfZ82x7qWR6nRmTUjyWdy5SVWmSNrKmmznK9jqEx VqaUyHRa5sAm/nD4M5eCC9zMpx0aCMGwIzZeiw4Gz62Glw4RttZ178SK+WuTNB56fc nzl8M6XeK1vjQ==
In-reply-to: <838c6c86-06a1-8368-126a-11145f48bf1b@wcbsecurity.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <838c6c86-06a1-8368-126a-11145f48bf1b@wcbsecurity.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 1/15/24 3:19 PM, Chris Enkidu-6 wrote:

I've noticed a new kind of possible attack on some of my relays, as
early as Dec.23 which causes huge spikes of outbound traffic that
eventually maxes out RAM and crashes Tor. The newest one today lasted
for 5 hours switching between two of the three relays on the same IP.

I have included charts and excerpts from the log in my post in Tor forum
at below link:

https://forum.torproject.org/t/new-kind-of-attack/11122

I've noticed this as well, on 0.4.8.10 across FreeBSD and Alpineplatforms, against relays too new to receive any meaningful traffic fromregular clients. MaxMemInQueues does not prevent the relay's eventualsaturation of available memory on the system. The relays operated asexit nodes.

We're low on memory (cell queues total alloc: 6336 buffer total alloc:1556480, tor compress total alloc: 1073827425 (zlib: 0, zstd: 0, lzma:1073827249), rendezvous cache total alloc: 0). Killingcircuits│withover-long queues. (This behavior is controlled byMaxMemInQueues.)


--
Jordan Savoca
https://jordan.im/

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] A new kind of attack?
  - From: Felix via tor-relays

References:
- [tor-relays] A new kind of attack?
  - From: Chris Enkidu-6

Prev by Author: Re: [tor-relays] Worse throughput with 0.4.8.x, on a slow CPU
Next by Author: [tor-relays] Relay that's been running for a long time suddenly saying it's new?
Previous by thread: [tor-relays] A new kind of attack?
Next by thread: Re: [tor-relays] A new kind of attack?
Index(es):
- Author
- Thread