Hi Thanx for the explanation. I have 0.4.7.8 and try to run the latest version.
So it seems the overload is entirely due to the DDoS and not my config. I have removed the maxadvertised bandwidth limit, it will now again send the measured value instead of being limited to 10 MB. I have these limits: RelayBandwidthRate 15 MB RelayBandwidthBurst 30 MB BandwidthRate 50 MB NumCPUs 2 MaxMemInQueues 3072 MB CU, Ricsi > Gesendet: Freitag, 05. August 2022 um 01:11 Uhr > Von: "s7r" <[email protected]> > An: [email protected] > Betreff: Re: [tor-relays] Overload (dropped ntor) due to DDoS?? > > Richard Menedetter wrote: > > Hi All > > > > I have a non exit relay running on a root server (4 AMD Epyc cores, 8 GB > > RAM, 2.5 GBit/s Ethernet) > > I have limited tor to numcpus 2, relaybandwidthburst 15 MB, hardwareaccel > > 1, maxadvertisedbandwidth 10 MB, maxmeminqueues 3GB > > Thanks for running a relay! > > didn't you also use RelayBandwidthRate along with RelayBandwidthBurst ? > > > > > Usually it takes less than 1 CPU core, and like 1 GB of RAM. > > But recently my relay is foten shown as obverloaded. > > I have these LOG entries: > > Tor[814]: General overload -> Ntor dropped (290376) fraction 5.3451% is > > above threshold of 0.5000% > > You are not the only one, it's an ongoing DoS attack on the network, > targeting onion services. > > > > > Is this due to DDoS attacks or a misconfigration on my side? > > Besides the question above about RelayBandwidthRate I don't see anything > wrong. > > > Is there something that I can do to aleviate this issue? > > Nope, there is nothing you can do, unfortunately. Tor has some defenses > against DoS and will blacklist / mark the abusing addresses, etc. as > much as it can. But as you know DoS is a never ending battle, usually > won by having "larger pipe", and it's something hard to tickle in an > environment where anonymity is the grounding law. > > What you can do is maintain your relay up and running in good shape with > the latest version of Tor until this "attack" gets through. As I said, I > guess most of relays are getting this at present times. The DoS "attack" > is not targeted at your relay, what you are seeing is just a side effect > of someone creating large amounts of circuits (heavy usage of Tor) which > is reflected network-wide anyways. > > > > > CU, Ricsi > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
