[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] DirPort DOS activity against Fallback Directories



At 18:29 5/21/2018 +0000, Logforme <m7527@xxxxxx> wrote:
>
>How can I find this information on my relay? 
>(855BC2DABE24C861CD887DB9B2E950424B49FC34)
>

Is visible here

https://metrics.torproject.org/rs.html#details/855BC2DABE24C861CD887DB9B2E950424B49FC34

Click on the Bandwidth History "3-Month" tab.  Your relays
shows indications of excess load.  You can verify this on the
local system as follows:

>For those with DirPort configured, one can check for the
>problem by looking at the 'state' file with the command
>
>   egrep '^BWHistory.*WriteValues' state | tr ',' '\n'
>
>and calculating the percent BWHistoryDirWriteValues is
>relative to BWHistoryWriteValues for the same samples.
>Should be under 5%, more like 1-3%.  If 15% the attacker
>is harassing your relay.

The above was written for lower-bandwidth relays
of around 10MB/sec.  Faster relays show a smaller increase,
but if the absolute traffic level is on the order of
60MB or more attack is likely.  A more reasonable DirPort
traffic level is around 10M.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays