Upgraded exit to 0.3.3.3 and now seeing a curious CPU saturation attack. Whatever the cause, result is the main event-worker thread going from a normal load level of about 30%/core to 100%/core and staying there for about 30 seconds; then CPU consumption declines back to 30%. Gradual change on ascent and decent. Another characteristic is egress traffic slightly higher than ingress traffic, perhaps 3-4%, where normally egress and ingress flows match precisly. Checked browsing via the node and performance seems fine--no obvious degradation. Elevated NTor circuit creation rates as-of the last heartbeat, from roughly 300k to 700k per-report, but not extreme (at least in a relative sense since late December).
Anyone else observed this? Have any idea how the attack works? Captured a debug-level log of a cycle from normal load to full-on-attack but won't have time to analyzed it for a couple of weeks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays