[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Overload (dropped ntor) due to DDoS??
Hi
Thanx for the explanation.
I have 0.4.7.8 and try to run the latest version.
So it seems the overload is entirely due to the DDoS and not my config.
I have removed the maxadvertised bandwidth limit, it will now again send the measured value instead of being limited to 10 MB.
I have these limits:
RelayBandwidthRate 15 MB
RelayBandwidthBurst 30 MB
BandwidthRate 50 MB
NumCPUs 2
MaxMemInQueues 3072 MB
CU, Ricsi
> Gesendet: Freitag, 05. August 2022 um 01:11 Uhr
> Von: "s7r" <s7r@xxxxxxxxxx>
> An: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Betreff: Re: [tor-relays] Overload (dropped ntor) due to DDoS??
>
> Richard Menedetter wrote:
> > Hi All
> >
> > I have a non exit relay running on a root server (4 AMD Epyc cores, 8 GB RAM, 2.5 GBit/s Ethernet)
> > I have limited tor to numcpus 2, relaybandwidthburst 15 MB, hardwareaccel 1, maxadvertisedbandwidth 10 MB, maxmeminqueues 3GB
>
> Thanks for running a relay!
>
> didn't you also use RelayBandwidthRate along with RelayBandwidthBurst ?
>
> >
> > Usually it takes less than 1 CPU core, and like 1 GB of RAM.
> > But recently my relay is foten shown as obverloaded.
> > I have these LOG entries:
> > Tor[814]: General overload -> Ntor dropped (290376) fraction 5.3451% is above threshold of 0.5000%
>
> You are not the only one, it's an ongoing DoS attack on the network,
> targeting onion services.
>
> >
> > Is this due to DDoS attacks or a misconfigration on my side?
>
> Besides the question above about RelayBandwidthRate I don't see anything
> wrong.
>
> > Is there something that I can do to aleviate this issue?
>
> Nope, there is nothing you can do, unfortunately. Tor has some defenses
> against DoS and will blacklist / mark the abusing addresses, etc. as
> much as it can. But as you know DoS is a never ending battle, usually
> won by having "larger pipe", and it's something hard to tickle in an
> environment where anonymity is the grounding law.
>
> What you can do is maintain your relay up and running in good shape with
> the latest version of Tor until this "attack" gets through. As I said, I
> guess most of relays are getting this at present times. The DoS "attack"
> is not targeted at your relay, what you are seeing is just a side effect
> of someone creating large amounts of circuits (heavy usage of Tor) which
> is reflected network-wide anyways.
>
> >
> > CU, Ricsi
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays