Hi there,

I just want to report two partially successful DoS attacks on my relay:

First attack:

Occurred yesterday. The tor process showed massive traffic, much more than my
upload (45 Mbits) could handle.

I don't know how in detail this worked, but I had receiving traffic at about
40Mbits and the relay tried to send about 100Mbits towards WAN.

Because I didn't know if this was harmful traffic for the tor network, I
finally pulled the plug and obtained a new IP after about 4 hours into the
attack.

I had the feeling that for a short time, there was still an unusual
sending/receiving ratio, but all related to tor.exe and it stabilized soon
after.
 

My guess is that a malformed packet was sent by tor, resulting in
uncontrolled, unknown traffic to the WAN side.
 

The relay had 3 DDoS circuits killed, rejected circuits and introduce 2 at
an abnormally high rate, also like 117 marked addresses. It sent about 250GB more
than it received.
 

The attack is also clearly visible in Tor Metrics, a massive spike in
written bytes can be seen.
 

Fingerprint: 8AFE4E6F05234B0184327C052B09F10191EAFAF3

Second attack (today):

Today at about 2 p.m., the memory of the relay spiked to maximum (8GB) and
additionally 22GB of virtual memory was used.

This caused the process to die, with an out-of-memory error.

This also must have come from a malformed packet in tor.

Is there any known method to circumvent both of these issues?

In the first event, I don't know if the error could have cleared itself after
some more hours.

Regarding the memory issue, I think this must be resolved in the tor
software itself, although I thought about adding 64GB of RAM and a 256GB
page file, just to see if it makes any difference in case of attacks.

But I don't think so.

Best regards,

Joker

_______________________________________________
tor-relays mailing list -- [email protected]