> On 26 Nov 2015, at 05:36, Josef Stautner <he...@veloc1ty.de> wrote: > > Hello @all, > > (I'm not sure if you guys are interested in a topic like this) > I wrote a perl script to gather bandwidth data from my Tor exit relay. > The script connects to the Tor control socket, fetches the running > config to extract the bandwidth limits and the reject rule count. > Afterwards the last 60 bw-cache entries are fetched and average values > are built for bandwidth in and out. > All this performance data is then forwarded to Nagios/Icinga where you > can do anything with that values. > > Every 30 minutes a cronjob renders the graph showing the datapoints of > the last 6 houres and uploads the resulting image to my website. You can > find the image here (Hint: The values for in and out are stacked): > https://blog.veloc1ty.de/bandwidth-large.png > > The source of the script can be found here on GitHub: > https://github.com/vlcty/check_tor_bandwidth > It's released under the GPLv3 > > Maybe somebody will find it usefull :-)
Hi Josef, Thanks for creating this tool - it looks like a great way for operators to keep an eye on their relay. But I wonder about the privacy implications of making a relay's high-resolution bandwidth figures public. For example, attacker can correlate a traffic-based attack on a hidden service, with a traffic peak on its Guards. (I am not sure if any similar attack applies to Exits, or any other role Exits may have.) We previously moved to a bandwidth statistics interval of 6 hours for this reason. (That's why the 3 days and 1 month bandwidth graphs are empty on Globe.) You lose a certain amount of precision moving to a graph, rather than reporting exact figures in a data file. But I'm not sure if that's enough to avoid the attack I described above. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays