[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: any middlemen seeing DoS currently?

Crashed again after only 2 hours:
This was about 20 minutes beforehand,
0.0  1.6    39784  10400  ??  S     4:03AM   1:32.40

Nov 11 04:03:06.129 [Notice] Tor v0.2.0.31 (r16744). This is experimental software. Do not rely on it for strong anonymity. (Running on Darwin Power Macintosh) Nov 11 04:03:06.177 [Notice] Initialized libevent version 1.4.7-stable using method kqueue. Good.
Nov 11 04:03:06.198 [Notice] Opening OR listener on
Nov 11 04:03:06.219 [Notice] Opening Socks listener on
Nov 11 04:03:06.299 [Notice] Opening Control listener on
Nov 11 04:04:23.566 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Nov 11 04:04:53.299 [Notice] Performing bandwidth self-test...done.
Nov 11 06:05:20.894 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit 'johndoe'. Retrying on a new circuit.

Should I be logging at info level? It's a lot of data...

On 10 Nov 2008, at 03:19, Nick Mathewson wrote:

On Fri, Nov 07, 2008 at 01:38:28PM +0100, Eugen Leitl wrote:

I've seen continuous table state increase since about >3.5 hours.
It went up from 1 k baseline to 5 k.

Anyone else seeing this? Any alternative explanation to DoS? (ISP

Judging by the timing, I'd think it might be related to a bug we only
uncovered on Friday.  Why Friday?  That was the first time that a
directory authority's certificate expired before it could be replaced.
The bug was that clients repeatedly asked directory caches for a new
certificate over and over, without noticing that they were getting
something expired and deciding to wait for a while.

That bug should be fixed in newer versions of Tor.  Also, all the
authority operators should (if we can make them) get way more careful
about checking certificate expiry times.