[tor-talk] warning in notice log

RgC sessyargc at gmail.com
Sun Oct 21 00:34:02 UTC 2012


Hi all,

It seems I have to reply to my own question.
Which is good, means this old dog learned something :-)

On 2012.10/11, RgC wrote:
> Hi all,
> 
> I was running a non-exit relay a while back. It is now down for maintenance and other reasons.
> I ran bleeding edge tor 0.2.4.3-alpha (git-d3277286698ebd37) before I turned it off.
> 
> I've been poking around the log files and found some logs that I don't quite get.  These are some of the snippets.
> I changed one IP address to SOMEIPADDR for privacy, but it seems this IP address is the IP of my router.
> ORPort is 443. DIRPort 80. Socks proxy accessible to local net 192.168.XXX.XXX
> 
> Oct 01 17:57:40.000 [notice] Heartbeat: Tor's uptime is 1 day 17:46 hours, with 6 circuits open. I've sent 3.08 GB and received 2.89 GB.
> Oct 01 18:48:39.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_02\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
> Oct 01 18:48:39.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_02\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
> Oct 01 04:55:28.000 [warn]   (We have dropped 0.63% of all EXTEND cells for this reason)
> Oct 01 05:05:13.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_33\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
> Oct 01 05:05:14.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_33\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
> Oct 01 05:57:40.000 [notice] Heartbeat: Tor's uptime is 1 day 5:46 hours, with 18 circuits open. I've sent 2.89 GB and received 2.71 GB.
> Sep 30 23:57:40.000 [notice] Heartbeat: Tor's uptime is 23:46 hours, with 10 circuits open. I've sent 2.42 GB and received 2.27 GB.
> Oct 01 00:21:48.000 [warn] Got headers "HEAD / HTTP/1.1\r\nHost: SOMEIPADDR\r\nAccept-Encoding: identity\r\n\r\n" with unknown command. Closing.
> 
> 
> Does anyone know what is happening here?
> Anyone seen something similar in their logs?

The logs are generated by the error handler of directory_handle_command() in tor/src/or/directory.c

Seems to be some scripts running against the router. SOMEIPADDR is the router's IP addr.
I've got the ORport and DIRport forwarded from the router to the Tor box.
Not sure (I'm not a network person) but they're force feeding Tor. Hope Tor can handle it.

A couple of days ago it got a bit interesting.
Some more connection attempts, this time they used an external IP address (not the router's IP)
which maps to a specific group in Italy (according to whois records)

> 
> All the best,
> 
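Added example, not part of the original post and not Tor's own code: a small triage script for the "Got headers ... with unknown command" warnings quoted above. It groups the rejected requests by method, path and User-Agent; the function names are hypothetical and the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# Sample input: lines copied from the log quoted in the post (SOMEIPADDR as redacted there).
SAMPLE_LOG = r'''Oct 01 17:57:40.000 [notice] Heartbeat: Tor's uptime is 1 day 17:46 hours, with 6 circuits open. I've sent 3.08 GB and received 2.89 GB.
Oct 01 18:48:39.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_02\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
Oct 01 04:55:28.000 [warn]   (We have dropped 0.63% of all EXTEND cells for this reason)
Oct 01 05:05:13.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_33\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
Oct 01 05:05:14.000 [warn] Got headers "HEAD /manager/status HTTP/1.1\r\nUser-Agent: Java/1.6.0_33\r\nHost: SOMEIPADDR\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\nConnection: keep-alive\r\n\r\n" with unknown command. Closing.
Oct 01 00:21:48.000 [warn] Got headers "HEAD / HTTP/1.1\r\nHost: SOMEIPADDR\r\nAccept-Encoding: identity\r\n\r\n" with unknown command. Closing.
'''

WARN_RE = re.compile(
    r'^(?P<ts>\w{3} \d{2} [\d:.]+) \[warn\] Got headers "(?P<raw>.*)" '
    r'with unknown command\. Closing\.$')

def parse_probe(line):
    """Return the request a rejected DirPort connection sent, or None."""
    m = WARN_RE.match(line.strip())
    if not m:
        return None  # heartbeat, EXTEND-cell warning, or anything else
    # The log shows CR/LF as the literal four characters \r\n.
    parts = m.group('raw').split('\\r\\n')
    fields = parts[0].split(' ')
    method, path = (fields[0], fields[1]) if len(fields) == 3 else (parts[0], '')
    headers = {}
    for part in parts[1:]:
        name, sep, value = part.partition(': ')
        if sep:
            headers[name.lower()] = value
    return {'ts': m.group('ts'), 'method': method, 'path': path,
            'user_agent': headers.get('user-agent', '-'),
            'host': headers.get('host', '-')}

def summarise(log_text):
    """Count rejected requests per (method, path, user agent)."""
    counts = Counter()
    for line in log_text.splitlines():
        probe = parse_probe(line)
        if probe:
            counts[(probe['method'], probe['path'], probe['user_agent'])] += 1
    return counts

if __name__ == '__main__':
    for (method, path, agent), n in summarise(SAMPLE_LOG).most_common():
        print(f'{n:3d}  {method} {path}  UA={agent}')
```

Run against a real notice log by passing the file's contents to `summarise()`; a Host header equal to the router's address, as in the post, shows the requests were aimed at the forwarded port rather than at a directory URL.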