[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] CPU saturation attack/abuse



Upgraded exit to 0.3.3.3 and now seeing a curious CPU saturation
attack.  Whatever the cause, result is the main event-worker thread
going from a normal load level of about 30%/core to 100%/core and
staying there for about 30 seconds; then CPU consumption declines back
to 30%.  Gradual change on ascent and decent.  Another characteristic
is egress traffic slightly higher than ingress traffic, perhaps 3-4%,
where normally egress and ingress flows match precisly.  Checked
browsing via the node and performance seems fine--no obvious
degradation.  Elevated NTor circuit creation rates as-of the last
heartbeat, from roughly 300k to 700k per-report, but not extreme (at
least in a relative sense since late December).

Anyone else observed this?  Have any idea how the attack works?

Captured a debug-level log of a cycle from normal load to
full-on-attack but won't have time to analyzed it for a couple of
weeks.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays