[tor-relays] CPU saturation attack/abuse
Dhalgren Tor
dhalgren.tor at gmail.com
Sun Mar 4 18:41:49 UTC 2018
Upgraded exit to 0.3.3.3 and now seeing a curious CPU saturation
attack. Whatever the cause, result is the main event-worker thread
going from a normal load level of about 30%/core to 100%/core and
staying there for about 30 seconds; then CPU consumption declines back
to 30%. Gradual change on ascent and descent. Another characteristic
is egress traffic slightly higher than ingress traffic, perhaps 3-4%,
where normally egress and ingress flows match precisely. Checked
browsing via the node and performance seems fine--no obvious
degradation. Elevated NTor circuit creation rates as-of the last
heartbeat, from roughly 300k to 700k per-report, but not extreme (at
least in a relative sense since late December).
Anyone else observed this? Have any idea how the attack works?
Captured a debug-level log of a cycle from normal load to
full-on-attack but won't have time to analyze it for a couple of
weeks.
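
Added example, not part of the original post: one way an operator could check the per-heartbeat NTor handshake counts mentioned above for a jump like the 300k to 700k one described. It assumes Tor's notice-level "Circuit handshake stats since last time" line (assigned/requested counts); the sample log lines, the 2x ratio and the three-report minimum history are constructed assumptions.

```python
import re
from statistics import median

# Constructed sample notice-level log lines (not taken from the post).
SAMPLE_LOG = """\
Mar 03 18:41:10.000 [notice] Circuit handshake stats since last time: 412/412 TAP, 298114/298114 NTor.
Mar 04 00:41:10.000 [notice] Circuit handshake stats since last time: 390/390 TAP, 305220/305220 NTor.
Mar 04 06:41:10.000 [notice] Circuit handshake stats since last time: 401/401 TAP, 311876/311876 NTor.
Mar 04 12:41:10.000 [notice] Circuit handshake stats since last time: 377/377 TAP, 301950/302004 NTor.
Mar 04 18:41:10.000 [notice] Circuit handshake stats since last time: 405/405 TAP, 702331/705118 NTor.
"""

# Each pair is assigned/requested handshakes since the previous heartbeat.
HANDSHAKE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) \[notice\] "
    r"Circuit handshake stats since last time: "
    r"\d+/\d+ TAP, (?P<assigned>\d+)/(?P<requested>\d+) NTor\.")


def parse_ntor(log_text):
    """Return (timestamp, assigned, requested) for each handshake stats line."""
    reports = []
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.match(line)
        if m:
            reports.append((m["ts"], int(m["assigned"]), int(m["requested"])))
    return reports


def flag_spikes(reports, ratio=2.0, min_history=3):
    """Flag reports whose requested NTor count exceeds ratio x the median of
    earlier unflagged reports. ratio and min_history are assumed thresholds."""
    baseline, flagged = [], []
    for ts, assigned, requested in reports:
        if len(baseline) >= min_history and requested > ratio * median(baseline):
            # Third field: handshakes requested but not assigned to a worker.
            flagged.append((ts, requested, requested - assigned))
        else:
            # Only unflagged reports feed the baseline, so a sustained
            # elevation does not become the new normal.
            baseline.append(requested)
    return flagged


if __name__ == "__main__":
    for ts, requested, unassigned in flag_spikes(parse_ntor(SAMPLE_LOG)):
        print(f"{ts}: {requested} NTor requests ({unassigned} not assigned)")
```
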