[tor-relays] A new kind of attack?
Jordan Savoca
me at jordan.im
Mon Jan 15 22:48:02 UTC 2024
On 1/15/24 3:19 PM, Chris Enkidu-6 wrote:
> I've noticed a new kind of possible attack on some of my relays, as
> early as Dec.23 which causes huge spikes of outbound traffic that
> eventually maxes out RAM and crashes Tor. The newest one today lasted
> for 5 hours switching between two of the three relays on the same IP.
>
> I have included charts and excerpts from the log in my post in Tor forum
> at below link:
>
> https://forum.torproject.org/t/new-kind-of-attack/11122
I've noticed this as well, on 0.4.8.10 across FreeBSD and Alpine
platforms, against relays too new to receive any meaningful traffic from
regular clients. MaxMemInQueues does not prevent the relay's eventual
saturation of available memory on the system. The relays operated as
exit nodes.
We're low on memory (cell queues total alloc: 6336 buffer total alloc:
1556480, tor compress total alloc: 1073827425 (zlib: 0, zstd: 0, lzma:
1073827249), rendezvous cache total alloc: 0). Killing
circuits│withover-long queues. (This behavior is controlled by
MaxMemInQueues.)
--
Jordan Savoca
https://jordan.im/
More information about the tor-relays
mailing list