Re: [tor-relays] Guard node suddenly sending twice what it receives
> On 21 Dec 2017, at 06:29, Logforme <m7527@xxxxxx> wrote:
> 
> My little guard node (855BC2DABE24C861CD887DB9B2E950424B49FC34) has suddenly started to behave strangely. iftop (my "bandwidth monitor") shows twice as much sent traffic as received traffic. The traffic seems to be distributed to a lot of IP addresses. No IP address stands out as receiving very much traffic: https://imgur.com/a/dAUzc
> 
> Given the last few days of DDoS attacks (my node is still targeted by those) I naturally assume this is another attack.
> First it is lots of connections (mitigated with connection limits)
> Then it is massive amounts of memory per circuit (MaxMemInQueues fixes that)
> And now this.
> 
> Could this be a third attack vector or am I seeing something "normal"? (Though I often check my bandwidth and I've never seen this before.) My node recently got the HSDir flag after the last crash. Could the network be starved for HSDir machines and this is what I'm seeing?

This is normal for HSDirs and directory mirrors, because the requests
are smaller than the responses.

> Being a Linux noob I don't know how to figure out exactly what kind of traffic this is. Suggestions gratefully accepted.

Check the logs, but they won't tell you much, and that's deliberate.

T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays