[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: What happens when I shut down my Tor-server?

To: alexander.janssen@xxxxxxxxx, or-talk@xxxxxxxxxxxxx
Subject: Re: What happens when I shut down my Tor-server?
From: Scott Bennett <bennett@xxxxxxxxxx>
Date: Fri, 20 Jul 2007 15:58:07 -0500 (CDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 20 Jul 2007 16:58:19 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

     On Tue, 17 Jul 2007 19:53:12 +0200 "Alexander W. Janssen"
<alexander.janssen@xxxxxxxxx> wrote:

>OK, thanks for all your answer, I was a bit busy lately.

     Sorry about the delay here, too.
>
>On 7/14/07, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>> Skipping your questions, I pose the following ones.
>>         1) Which signal did you send tor to get it to shut down?
>
>SIGINT
>
>>         2) If SIGINT, had ShutdownDelay seconds passed within the 30-minute
>>            period to which you referred?
>
>ShutdownWaitLength you mean? It's left to default - 30s. So yes to

     Yes.  I saw that shortly after I posted it, and I followed up with the
correction.

>your question.
>
>>         3) Are there other network applications running on the same computer
>>            to which some/all of the traffic you claim to see could be
>>            attributed?
>
>No.

     Okay, so no SMTP, DNS, FTP, ssh, or other inbound traffic should occur.
Then I have no idea why your system would be getting probed on other ports.
SYN packets should only be arriving for your tor's ORPort (and DirPort if
used).
>
>Basically I shut down the server with "/etc/init.d/tor stop". (the
>SYSV-style init-script Debian supplies)
>
>What I found was that there were still lot's of differents sources
>trying to reach my node on various ports, including ORPort. Well, if
>that'd run for 5 minutes I wouldn't have written this email, but after
>30 minutes I was still receiving lot's of stuff.
>
>However; I'll try again with more thorough tests and come back if I
>find anything even more weird stuff. So well, thanks all. Seems like
>this is nothing to worry about, however, I thought (means: I haven't
>checked the docs:) that after my node got deleted from the
>directory-servers no inbound requests should happen anymore.

     The attempts to connect to your ORPort are probably legitimate.  Once
the descriptor on the directory servers (all of them) stops showing your
tor as "running", many hours might still pass before the last active tor
client or server fetched a new copy of the directory from a directory server.
Until everyone has a directory copy that doesn't list your server as "running",
connection attempts will probably continue come in, though the more time
passes, the fewer clients and servers will have an outdated descriptor for your
server, so connection attempts should gradually slow to a trickle.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Prev by Author: Re: active connections when hibernating
Next by Author: Re: Tor takes too much RAM
Previous by thread: Re: What happens when I shut down my Tor-server?
Next by thread: [Fwd: MSIE7 entrapment again (+ FF tidbit)]
Index(es):
- Author
- Thread