peculiar server "bandwidth" posted by server "mnl" and possible new type of attack
Domenico Andreoli
cavokz at gmail.com
Tue Sep 9 00:10:05 UTC 2008
Hi all, I am mnl's operator,
On Tue, Sep 09, 2008 at 05:15:15AM -0500, Scott Bennett wrote:
>
> Nearly 49 MB/s seems a bit of a stretch. The server's operator sent me
> a note saying that the server is attached to the 1 GB/s campus backbone net,
> but it is attached via a 100 Mb/s router, so the reported data rate is four
> to five times the rate physically possible due to the router's limitation.
> The server, according to its operator, is running on a 2.6 GHz P4, and its
> descriptor says the machine is running LINUX. Based upon postings quite a
> while back from blutmagie's operator and from a few other operators of very
> high-data-rate servers, it seems to me that a 2.6 GHz P4 (Northwood?) running
> LINUX would not be capable of handling a load eight to ten times that of
> blutmagie, regardless of its network connection's capacity.
Confirmed.
Yes, it is a P4 step C, Northwood.
> That brings us back to something I've already posted on OR-TALK, namely,
> the apparent slowdown in tor traffic that has reduced the traffic through my
> tor server by at least 30% and, judging from the reduced peaks shown for a lot
> of the high-volume servers listed on the torstatus page, the tor network at
> large. If this is actually what has been going on, then not only should the
> bug be tracked down and killed ASAP, it serves as a call to rethink the method
> of circuit route selection to find ways to prevent a reduction-in-throughput
> attack that could be made by almost any creep by setting up a corrupted relay.
> (mnl is not even an exit.)
The fact of not being an exit node would make it a better corrupted
relay? I mean, if I would like to DoS the Tor network, would I be better
off setting the trojan node as internal?
> (deep breath) I want to state right now that I do not in any way
> whatsoever suspect mnl's operator of any nefarious activity. I believe that
> he is at least as perplexed over his server's behavior as I am, especially
> given other information he provided about events over the weekend. I do not
What happened this weekend is that I have not been able to reach that
box. Anyway, now I recall clearly why I had the impression that it was
alive. Indeed ssh did receive something from it; it could not complete
the login for other reasons. The box being hosed by Tor, I can now
guess the sshd daemon was only very slow.
Regards,
Domenico
-----[ Domenico Andreoli, aka cavok
--[ http://www.dandreoli.com/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50