On Wed, Jun 05, 2013 at 09:20:02AM -0000, temp5@tormail.org wrote:
I've been seeing these storms as well on my relay. I average something like 100 connections for weeks and weeks per the tor logs, but then suddenly it will jump into the thousands and I'll see the "Failed to hand off onionskin." and "Your computer is too slow to handle this many circuit creation requests!" messages.
I wonder if it's some type of DDOS too.
The current theory is that these happen when your relay becomes the hidden service directory, or introduction point, for a popular hidden service.
So these are basically roving hotspots that move around the network. In the case of the hidden service directory the pain lasts about a day, and in the case of the introduction point, it lasts for some function of the duration of the introduction point (could be a while) and the time that the hidden service descriptor is fresh (15 minutes or so). Based on the logs here, it sounds like it might be the introduction point in these cases.
Here are some tickets to look at: https://trac.torproject.org/projects/tor/ticket/3825 https://trac.torproject.org/projects/tor/ticket/4862 https://trac.torproject.org/projects/tor/ticket/8950
Also, the switch to the new ntor circuit-level handshake should reduce the cpu requirements for create cells (in addition to being more secure). So once more people have switched to ntor, these hotspots shouldn't be so bad. It is unclear if that's the same as 'shouldn't be bad'. :)
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/216-ntor-hand...
--Roger