Ok,
i will reject this as a normal behavior of tor. My flags are actually:
HSDir, Running, V2Dir, Valid
To point 2.: Nor, the adresses of the inbound traffic were from different adresses. I thought that it is not possible to force the traffic through a defined route because form my knowledge the route is build by the network. Sometimes I'm using my Tor Server as a Proxy for my local http traffic. I think this is the only case where i can force my route to use my server as a entry node.
Is it possible to flood the tor port directly with for example syn floods?
If yes; is there an iptables rule which will reduce the amount of connection kept in the syn state?
My Tor Info: https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF52...
Thanks for the reply
Hey bud, Your adsl connection has a low advertised bandwidth, and doesn't make many connections with regards to tor; thus, the CPU usage is correct. Look up your server's fingerprint or nickname on Tor Globe to see how much of the tor network travels through your server. CPU load is usually associated with a lot of bandwidth or a inefficiency in the server. I've heard that a 100mbit tor server using full 12.5MB/s up/down will saturate the core dedicated to the Tor process; this is presumably why a lot of servers run multiple Tor instances on different cores and IP addresses. However, in your case, it is likely The large amount of connections is generally caused by a few things:
- You've been running a very stable server for a long period of time and
have sufficient bandwidth to provide connectivity for a large number of clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will likely result in more connections. This is not likely with your server, given your advertised bandwidth is only 68.44kb/s. 2. A single client is using your server for a lot of connections. 3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know if any have been documented.) 4. An attack against your server. This is very hard to do through the Tor network; an attack against a Tor relay using Tor is an attack against all Tor relays. HOWEVER, they could be attacking your port which you use to host your tor server. Just for reference, here's my tor stats: Advertised B/W: ~4MB/s Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1 control) Tor is averaging 9%-13% CPU usage; 198MB memory. More info on my server: https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1... https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1... I hope this answered your question, if not, send a reply and hopefully I'll reply sometime.