> On 21 Dec 2017, at 06:29, Logforme <[email protected]> wrote: > > My little guard node (855BC2DABE24C861CD887DB9B2E950424B49FC34) have suddenly > started to behave strangely. iftop (my "bandwidth monitor"), shows twice as > much sent traffic as received traffic. The traffic seems to be distributed to > a lot of ip addresses. No ip address stands out as receiving very much > traffic: https://imgur.com/a/dAUzc > > Given the last few days of DDoS attacks (my node is still targeted by those) > I naturally assume this is another attack. > First it is lots of connections (mitigated with connection limits) > Then it is massive amounts of memory per circuit (MaxMemInQueues fixes that) > And now this. > > Could this be a third attack vector or am I seeing something "normal" (though > I often check my bandwidth and I've never seen this before). My node recently > got the HSDir flag after the last crash. Could the network be starved for > HSDir machines and this is what I'm seeing?
This is normal for HSDirs and directory mirrors, because the requests are smaller than the responses. > Being a linux noob I don't know how to figure out exactly what kind of > traffic this is. Suggestions gratefully accepted. Check the logs, but they won't tell you much, and that's deliberate. T _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
