
[tor-relays] High Memory Usage observed on Windows Relay



Hi there,

I've read the latest Release-Notes and heard about the high memory usage issue.

When I was checking on my Windows Relay today, I was shocked when I recognized it had 95% memory usage.

Interestingly, the high usage (>5GB) came from the Windows Terminal Session, in which I started the relay, not the resulting tor.exe process itself.

Luckily, either Windows or the tor application itself managed to self-heal without a crash, so after 5 Minutes, the memory usage was at normal level (~450MB) again.

I have attached the Log of the Relay, even though I don't think it will help much. There are many rejected connections, but from what I've learned this is normal.

Affected Relay Nickname: ProSecureRelay
OS: Windows x64

If you have the time, I have two questions:

First Question:


Is there any way to configure my relay as AROI? I tried it with the torrc file approach but then, my tor relay failed to start.

I added "TrustedAROI" alone. I also tried "TrustedAROI tor.mydomain.fr" etc. to the torrc file but nothing worked.

If it is required, I have an extra sub-domain for tor - but DNSSEC would lead to double the cost, so I "can't" do that right now.

Second Question:

I tried to add the parameter Address mydomain.fr to the torrc file to ensure proper IPv6 Connectivity.
We have Street-Work ongoing and in rare cases there was a DSL-Resync, and only the new IPv4 can be discovered by tor without restarting the relay. For IPv6, it does the OR-Port Test for the old IPv6 Address, even after days.

When I add the address parameter like "address myrelay.fr" it finds the IPv4 Address and then gets a nasty locking stack error, so I removed it and rely on the directory ip guess function.

Random Security Observations

Additionally I wanna report a very odd firewall log entry, which I found on the Windows firewall. It was an incoming connection, one time from the Netherlands and the other time from France, Source Port 1 - Target Port 5. I really don't know how this could pass my 2-Layer Firewall Concept, as only the OR-Port is allowed to pass and I did Port-Scans on myself without any undocumented open Ports found.

The only way I can imagine is that this traffic came from tor.exe itself. At this point, I had a BitCoin-Core Instance running, which connected to another tor.exe - configured as SOCKS Proxy only and additionally reachable via IPv4/6. I had this running under two different users to ensure an exploited user-session could not put the fingerprints etc. of the other instance at risk.

After this "incident", even though the traffic was blocked, I moved the bitcoin service to a different server. But neither on the relay nor on the bitcoin server could this weird block be observed again.

Finally I wanna mention it is so interesting/fun to see the firewall logs since I started the Relay Operation, like what the hell is going on - ICMP Redirect Attacks, Packets from Private 192.168.6.X Addresses, Port-Scans and State-Table Overflow Attempts - even DDoS Attacks with 100Mbits Max for about 12 Hours and last but not least, ICMPs from Kursk Oblast to TU Darmstadt DE.

Sorry for the long mail.

Have a nice weekend and best regards!

Joker

PS: Tor 0.4.8.20 for Windows - when? My update-monk is raging. ;D

Nov 13 02:40:37.000 [notice] Performing bandwidth self-test...done.
Nov 13 04:20:38.000 [notice] Our directory information is no longer up-to-date enough to build circuits: We're missing descriptors for 1/3 of our primary entry guards (total microdescriptors: 9242/9254). That's ok. We will try to fetch missing descriptors soon.
Nov 13 04:20:38.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/3 of our primary entry guards (total microdescriptors: 9242/9254). That's ok. We will try to fetch missing descriptors soon.
Nov 13 04:20:39.000 [notice] We now have enough directory information to build circuits.
Nov 13 08:39:36.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 1656 circuits open. I've sent 9.95 GB and received 9.77 GB. I've received 8697 connections on IPv4 and 3089 on IPv6. I've made 6956 connections with IPv4 and 2590 with IPv6.
Nov 13 08:39:36.000 [notice] While not bootstrapping, fetched this many bytes: 17479228 (server descriptor fetch); 540 (server descriptor upload); 440330 (consensus network-status fetch); 149233 (microdescriptor fetch)
Nov 13 08:39:36.000 [notice] Circuit handshake stats since last time: 2/2 TAP, 91093/91093 NTor.
Nov 13 08:39:36.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 2289 v4 connections; initiated 7856 and received 9146 v5 connections.
Nov 13 08:39:36.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 13 14:39:36.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 1537 circuits open. I've sent 21.10 GB and received 20.55 GB. I've received 17675 connections on IPv4 and 4291 on IPv6. I've made 14789 connections with IPv4 and 5735 with IPv6.
Nov 13 14:39:36.000 [notice] While not bootstrapping, fetched this many bytes: 28246760 (server descriptor fetch); 540 (server descriptor upload); 784453 (consensus network-status fetch); 332454 (microdescriptor fetch)
Nov 13 14:39:36.000 [notice] Circuit handshake stats since last time: 5/5 TAP, 42855/42855 NTor.
Nov 13 14:39:36.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 5532 v4 connections; initiated 16591 and received 15814 v5 connections.
Nov 13 14:39:36.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 13 20:39:36.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 1740 circuits open. I've sent 37.77 GB and received 36.94 GB. I've received 27152 connections on IPv4 and 5531 on IPv6. I've made 24566 connections with IPv4 and 9588 with IPv6.
Nov 13 20:39:36.000 [notice] While not bootstrapping, fetched this many bytes: 42450469 (server descriptor fetch); 540 (server descriptor upload); 1154497 (consensus network-status fetch); 457913 (microdescriptor fetch)
Nov 13 20:39:36.000 [notice] Circuit handshake stats since last time: 4/4 TAP, 53686/53686 NTor.
Nov 13 20:39:36.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 8306 v4 connections; initiated 27360 and received 23616 v5 connections.
Nov 13 20:39:36.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 181522 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 02:39:39.000 [notice] Heartbeat: Tor's uptime is 1 day 0:00 hours, with 2207 circuits open. I've sent 60.87 GB and received 59.92 GB. I've received 39769 connections on IPv4 and 6122 on IPv6. I've made 41429 connections with IPv4 and 20467 with IPv6.
Nov 14 02:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 56193745 (server descriptor fetch); 1080 (server descriptor upload); 1513842 (consensus network-status fetch); 566508 (microdescriptor fetch)
Nov 14 02:39:39.000 [notice] Circuit handshake stats since last time: 2/2 TAP, 121440/121440 NTor.
Nov 14 02:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 10782 v4 connections; initiated 37289 and received 34248 v5 connections.
Nov 14 02:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 507150 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 08:39:39.000 [notice] Heartbeat: Tor's uptime is 1 day 6:00 hours, with 2611 circuits open. I've sent 90.17 GB and received 88.94 GB. I've received 57824 connections on IPv4 and 6388 on IPv6. I've made 62897 connections with IPv4 and 37956 with IPv6.
Nov 14 08:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 66735239 (server descriptor fetch); 1080 (server descriptor upload); 1847709 (consensus network-status fetch); 711052 (microdescriptor fetch)
Nov 14 08:39:39.000 [notice] Circuit handshake stats since last time: 6/6 TAP, 189320/189320 NTor.
Nov 14 08:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 13335 v4 connections; initiated 41020 and received 49857 v5 connections.
Nov 14 08:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 767224 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 14:39:39.000 [notice] Heartbeat: Tor's uptime is 1 day 12:00 hours, with 3260 circuits open. I've sent 128.31 GB and received 126.92 GB. I've received 74598 connections on IPv4 and 6688 on IPv6. I've made 82276 connections with IPv4 and 53527 with IPv6.
Nov 14 14:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 80620568 (server descriptor fetch); 1080 (server descriptor upload); 2321145 (consensus network-status fetch); 796619 (microdescriptor fetch)
Nov 14 14:39:39.000 [notice] Circuit handshake stats since last time: 3/3 TAP, 197358/197358 NTor.
Nov 14 14:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 16091 v4 connections; initiated 44598 and received 63925 v5 connections.
Nov 14 14:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 1047128 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 20:39:39.000 [notice] Heartbeat: Tor's uptime is 1 day 18:00 hours, with 2043 circuits open. I've sent 160.02 GB and received 158.33 GB. I've received 88129 connections on IPv4 and 7247 on IPv6. I've made 94900 connections with IPv4 and 62153 with IPv6.
Nov 14 20:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 94192072 (server descriptor fetch); 1560 (server descriptor upload); 2672861 (consensus network-status fetch); 1064715 (microdescriptor fetch)
Nov 14 20:39:39.000 [notice] Circuit handshake stats since last time: 2/2 TAP, 124807/124807 NTor.
Nov 14 20:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 18841 v4 connections; initiated 49762 and received 74899 v5 connections.
Nov 14 20:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 1288871 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 15 02:39:39.000 [notice] Heartbeat: Tor's uptime is 2 days 0:00 hours, with 1944 circuits open. I've sent 175.88 GB and received 173.96 GB. I've received 97509 connections on IPv4 and 8301 on IPv6. I've made 102946 connections with IPv4 and 65282 with IPv6.
Nov 15 02:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 105074948 (server descriptor fetch); 1560 (server descriptor upload); 3027587 (consensus network-status fetch); 1259272 (microdescriptor fetch)
Nov 15 02:39:39.000 [notice] Circuit handshake stats since last time: 3/3 TAP, 42052/42052 NTor.
Nov 15 02:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 21685 v4 connections; initiated 58786 and received 82388 v5 connections.
Nov 15 02:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 1514611 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 15 08:39:39.000 [notice] Heartbeat: Tor's uptime is 2 days 6:00 hours, with 1960 circuits open. I've sent 191.14 GB and received 188.94 GB. I've received 106671 connections on IPv4 and 9304 on IPv6. I've made 112443 connections with IPv4 and 68650 with IPv6.
Nov 15 08:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 126438294 (server descriptor fetch); 1560 (server descriptor upload); 3472452 (consensus network-status fetch); 4023211 (microdescriptor fetch)
Nov 15 08:39:39.000 [notice] Circuit handshake stats since last time: 1/1 TAP, 44161/44161 NTor.
Nov 15 08:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 24202 v4 connections; initiated 68721 and received 89917 v5 connections.
Nov 15 08:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 1739169 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 15 14:39:39.000 [notice] Heartbeat: Tor's uptime is 2 days 12:00 hours, with 2053 circuits open. I've sent 205.56 GB and received 203.08 GB. I've received 115628 connections on IPv4 and 10215 on IPv6. I've made 121819 connections with IPv4 and 72298 with IPv6.
Nov 15 14:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 138368666 (server descriptor fetch); 2100 (server descriptor upload); 3826822 (consensus network-status fetch); 4459554 (microdescriptor fetch)
Nov 15 14:39:39.000 [notice] Circuit handshake stats since last time: 6/6 TAP, 44683/44683 NTor.
Nov 15 14:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 26987 v4 connections; initiated 79041 and received 96874 v5 connections.
Nov 15 14:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 1964354 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 15 20:39:39.000 [notice] Heartbeat: Tor's uptime is 2 days 18:00 hours, with 1710 circuits open. I've sent 224.84 GB and received 222.16 GB. I've received 125992 connections on IPv4 and 11273 on IPv6. I've made 129795 connections with IPv4 and 75623 with IPv6.
Nov 15 20:39:39.000 [notice] While not bootstrapping, fetched this many bytes: 147095433 (server descriptor fetch); 2100 (server descriptor upload); 4148031 (consensus network-status fetch); 4522173 (microdescriptor fetch)
Nov 15 20:39:39.000 [notice] Circuit handshake stats since last time: 6/6 TAP, 43494/43494 NTor.
Nov 15 20:39:39.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 29475 v4 connections; initiated 87975 and received 105647 v5 connections.
Nov 15 20:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 2247975 circuits rejected, 6 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
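The "DoS mitigation since startup" counters in the attached log are cumulative, so the change between heartbeats is what shows when the relay began rejecting circuits and at what rate. The following is an added example, not part of the original mail or of Tor itself; the function names and the `year` parameter are assumptions (the log lines carry no year).

```python
import re
from datetime import datetime

# Five lines copied from the log above; the handshake line must be skipped.
SAMPLE_LOG = """\
Nov 13 14:39:36.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 13 20:39:36.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 181522 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 02:39:39.000 [notice] Circuit handshake stats since last time: 2/2 TAP, 121440/121440 NTor.
Nov 14 02:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 507150 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Nov 14 08:39:39.000 [notice] Heartbeat: DoS mitigation since startup: 0 circuits killed with too many cells, 767224 circuits rejected, 5 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
"""

DOS_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2})\.\d+ \[notice\] "
    r"Heartbeat: DoS mitigation since startup: (?P<body>.*)$")

def parse_dos_heartbeats(text, year=2000):
    """Return [(datetime, {label: cumulative_count})] per DoS heartbeat line.
    `year` is an assumption: any value works for deltas within one year."""
    samples = []
    for line in text.splitlines():
        m = DOS_RE.match(line.strip())
        if not m:
            continue  # other heartbeat/notice lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        counters = {}
        for part in m["body"].rstrip(".").split(", "):
            count, _, label = part.partition(" ")
            if count.isdigit():
                counters[label] = int(count)
        samples.append((ts, counters))
    return samples

def interval_deltas(samples, key="circuits rejected"):
    """Convert cumulative counters into (end_time, delta, per_hour) rows."""
    rows = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = c1.get(key, 0) - c0.get(key, 0)
        if delta < 0:  # counter went backwards: tor restarted in between
            delta = c1.get(key, 0)
        hours = (t1 - t0).total_seconds() / 3600
        rows.append((t1, delta, round(delta / hours) if hours else 0))
    return rows

if __name__ == "__main__":
    for end, delta, rate in interval_deltas(parse_dos_heartbeats(SAMPLE_LOG)):
        print(f"{end:%b %d %H:%M}  +{delta} circuits rejected  (~{rate}/h)")
```
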