On 13 Mar 2018, at 03:55, dawuud dawuud@riseup.net wrote:
Out of 9900 possible two hop tor circuits among the top 100 tor relays only 935 circuit builds have succeeded. This is way worse than the last time I sent a report 6 months ago during the Montreal tor dev meeting.
How much worse?
And where did you scan *from*? (It's hard to interpret the results without the latency and quality of your client connection.)
Also, we have just deployed defences to exactly this kind of rapid circuit or connection building by a single client. I wonder if your client triggered those defences. The circuit defences would likely cause timeouts, and the connection defences would likely cause failures.
I also wonder if your client triggered custom defences on some relays.
Here's the scanner I use:
https://github.com/david415/tor_partition_scanner
…
Here's the gist of my simple testing methodology:
https://gist.github.com/david415/9875821652018431dd6d6c4407bb90c0#file-detec...
Here's exactly how I performed the scan to get those results:
wget https://collector.torproject.org/recent/relay-descriptors/consensuses/2018-0...
./helpers/query_fingerprints_from_consensus_file.py 2018-03-1 3-01-00-00-consensus > top100.relays
detect_partitions.py --tor-control tcp:127.0.0.1:9051 --log-dir ./ --status-log ./status_log \ --relay-list top100.relays --secret secretTorEmpireOfRelays --partitions 1 --this-partition 0 \ --build-duration .25 --circuit-timeout 60 --log-chunk-size 1000 --max-concurrency 100
You might get better results if you scan more slowly. Try to stay under 1 circuit every 3 seconds to each relay from your IP address. Try to stay under 50 connections to the same relay from your IP address.
I'm going from memory, check the Tor man page, dir-spec, and the consensus for the latest DDoS parameter values.
T