[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Guard node suddenly sending twice what it receives



My little guard node (855BC2DABE24C861CD887DB9B2E950424B49FC34) have suddenly started to behave strangely. iftop (my "bandwidth monitor"), shows twice as much sent traffic as received traffic. The traffic seems to be distributed to a lot of ip addresses. No ip address stands out as receiving very much traffic: https://imgur.com/a/dAUzc

Given the last few days of DDoS attacks (my node is still targeted by those) I naturally assume this is another attack.
First it is lots of connections (mitigated with connection limits)
Then it is massive amounts of memory per circuit (MaxMemInQueues fixes that)
And now this.

Could this be a third attack vector or am I seeing something "normal" (though I often check my bandwidth and I've never seen this before). My node recently got the HSDir flag after the last crash. Could the network be starved for HSDir machines and this is what I'm seeing?

Being a linux noob I don't know how to figure out exactly what kind of traffic this is. Suggestions gratefully accepted.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays