[tor-relays] DirPort DOS activity against Fallback Directories
starlight.2017q4 at binnacle.cx
starlight.2017q4 at binnacle.cx
Mon May 21 18:36:39 UTC 2018
At 18:29 5/21/2018 +0000, Logforme <m7527 at abc.se> wrote:
>
>How can I find this information on my relay?
>(855BC2DABE24C861CD887DB9B2E950424B49FC34)
>
Is visible here
https://metrics.torproject.org/rs.html#details/855BC2DABE24C861CD887DB9B2E950424B49FC34
Click on the Bandwidth History "3-Month" tab. Your relays
shows indications of excess load. You can verify this on the
local system as follows:
>For those with DirPort configured, one can check for the
>problem by looking at the 'state' file with the command
>
> egrep '^BWHistory.*WriteValues' state | tr ',' '\n'
>
>and calculating the percent BWHistoryDirWriteValues is
>relative to BWHistoryWriteValues for the same samples.
>Should be under 5%, more like 1-3%. If 15% the attacker
>is harassing your relay.
The above was written for lower-bandwidth relays
of around 10MB/sec. Faster relays show a smaller increase,
but if the absolute traffic level is on the order of
60MB or more attack is likely. A more reasonable DirPort
traffic level is around 10M.
More information about the tor-relays
mailing list