I run a small relay and it went down intermittently during Nov 1 to Nov 25, with a lot of hiccups [1] since I started it earlier in the year, which may or may not be due to this attack. It is my first and only relay so I cannot relate.
What I can say is that during most of that time in November, the relay was running, the instance was running, tor was running (if with an older version), there were no traffic restrictions I can say, etc.
Obviously after that period the relay lost its Guard flag, and since 0.3.1.9 the relay it seems to be catching up quickly, actually with much more traffic than any time before.
In the past days I did a lot of cleanup so I cannot provide logs (I barely log notices, not even that if there are no issues).
-------- Original Message --------
Subject: Re: [tor-relays] Decline in relays
Local Time: December 26, 2017 11:16 AM
UTC Time: December 26, 2017 11:16 AM
From: zwiebel@quantentunnel.de
To: tor-relays@lists.torproject.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Am 23-Oct-17 um 15:32 schrieb David Goulet:
Since July 2017, there has been a steady decline in relays from ~7k
to now ~6.5k. This is a bit unusual that is we don't see often such
a steady behavior of relays going offline (at least that I can
remember...).
It could certainly be something normal here. However, we shouldn't
rule out a bug in tor as well. The steadyness of the decline makes
me a bit more worried than usual.
That being said, I don't have an easy way to list which relays went
offline during the decline (since July basically) to see if a
common pattern emerges.
So few things. First, if anyone on this list noticed that their
relay went off the consensus while still having tor running, it is
a good time to inform this thread :).
Second, anyone could have an idea of what possibly is going on that
is have one or more theories. Even better, if you have some tooling
to try to list which relays went offline, that would be awesome.
a) Please find two pictures which show tap[1] and ntor[2] in 2016 and
2017 for a certain relay. Obviously the number of tap/ntor increases
since July 2017.
b) Taps becoming hourly massive on all my guards since October 2017.
c) An other relay had the largest amount of taps. It received 6
million taps. The tap flood took 65 minutes and the tor cpu power went
up from 60% before to 120-210% during the flood.
I can not prove but because of outbound packet abuse letters from an
ISP I start thinking if this is an other measure to damage guard/hsdir
flags. Beside the enormous consumption of cpu resources.
I hope this helps.
Cheers, Felix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJaQi/cAAoJEF1W24InZUQdA48QAOy8CnnJGMkl+d9B844JE4uE
vZ2L96OSFOCl7Au3l+V/dYIvgdMUUe4ju8hQHhzB0918IY8Y4lMngTTgptVfwhKv
cb6RB6Ib8/1zfzLtmrEn6pdiHoUY2qlm7xB6lzsfaz3JT+KOTq1adzV9DSQAAkNV
Cp0+jdpYX/X3T7OOXzSxUDmKiqaMu7K181agMeyybUFzIPEZgmRCdnYNHmD2W2aH
zjBfSm5J1OncFcs5GwmtCKCUq5DVrjjmYZHLB4E91ExQafwcqLYfqAQDqh8ui0tW
W9//fkgPxcNgQ5hOQq2Ucf7cZJ1I12fKCApBYtfgfq91sCtt2+sozNnr4u5d5Jxy
JxiWX/t5MEWjvXcAy3jOYoPnTiuDHwG6EYWjomU+RpZwqJkdV00043a8F9UzYe67
O7/pRcDSZe3MdL7CkLZcirNMS0dSHPlxLWJCd0XlWPs5d8aW/F8kRFndQoisN7c7
zxeFFUs9/NRPCCXrzymX/rTgUtlvZ8xKjQ0K8v/giLXoNxTf02P5FK4pcD3Bu47m
qGTqfiaBFywDvFA5+icDZICJqFxtBG+6W0tWO8K79w+oKmqEyk6TBKhZDZWcH1K4
Qu62tkOZs7Qp8jKz6M8kYWsr+ATO8+IWz6o/xWTZJPVeir8qsZShR71Xz4kGftu2
1Sar8xKb/lw+xQAOoV27
=Nqx3
-----END PGP SIGNATURE-----