I think you misinterpreted what I was saying or I didn't explain it well enough. Tor utilizing 100% CPU usage is only normal if you are pushing a LOT of bits. In this case, you probably have a system misconfiguration somewhere (nothing to do with Tor's configuration, torrc).
"Nor, the addresses of the inbound traffic were from different addresses."
Yes, that's expected. You're getting connections from the Tor network.
"I thought that it was not possible to force traffic through a specific predefined route in Tor"
It isn't possible. I believe I said so, or implied it. The only way to do this would be through an attack on the Tor network in general.
"Is it possible to flood the tor port directly with for example syn floods?"
Through the Tor network, no, that's impossible. TCP relies on a 3-way-handshake which means that every connection between relays will have to be complete; therefore, in order to connect to your relay, a complete connection will have to be made. I hope this makes sense, if not, I can elaborate a bit more.
However, if someone has a hold of your IP, they can run a portscanner and then determine your relay port (which is on the internet for all to see.) Therefore, you can be attacked, but not through the Tor network.
"If yes; is there an iptables rule which will reduce the amount of connection kept in the syn state?"
First of all, no. And second, that's not how you deal with a SYN flood. If that rule was implemented, it would just be easier to take your port offline.
I highly doubt you are under attack. Almost certainly a misconfiguration of some sort. Have you tried the recommendations that others have given relating to your file descriptors?
On Thu, Dec 4, 2014 at 1:40 AM, webmaster@defcon-cc.dyndns.org wrote:
Ok,
I will reject this as a normal behavior of tor. My flags are actually:
HSDir, Running, V2Dir, Valid
To point 2.: Nor, the addresses of the inbound traffic were from different addresses. I thought that it is not possible to force the traffic through a defined route because from my knowledge the route is built by the network. Sometimes I'm using my Tor Server as a Proxy for my local http traffic. I think this is the only case where I can force my route to use my server as an entry node.
Is it possible to flood the tor port directly with for example syn floods?
If yes; is there an iptables rule which will reduce the amount of connection kept in the syn state?
My Tor Info:
https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF52...
Thanks for the reply
Hey bud,
Your adsl connection has a low advertised bandwidth, and doesn't make many connections with regards to tor; thus, the CPU usage is correct. Look up your server's fingerprint or nickname on Tor Globe to see how much of the tor network travels through your server. CPU load is usually associated with a lot of bandwidth or an inefficiency in the server. I've heard that a 100mbit tor server using full 12.5MB/s up/down will saturate the core dedicated to the Tor process; this is presumably why a lot of servers run multiple Tor instances on different cores and IP addresses. However, in your case, it is likely
The large amount of connections is generally caused by a few things:
1. You've been running a very stable server for a long period of time and have sufficient bandwidth to provide connectivity for a large number of clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will likely result in more connections. This is not likely with your server, given your advertised bandwidth is only 68.44kb/s.
2. A single client is using your server for a lot of connections.
3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know if any have been documented.)
4. An attack against your server. This is very hard to do through the Tor network; an attack against a Tor relay using Tor is an attack against all Tor relays. HOWEVER, they could be attacking your port which you use to host your tor server.
Just for reference, here's my tor stats:
Advertised B/W: ~4MB/s
Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1 control)
Tor is averaging 9%-13% CPU usage; 198MB memory.
More info on my server:
https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1...
I hope this answered your question, if not, send a reply and hopefully I'll reply sometime.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
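Added example, not part of the mailing-list thread: the question above turns on whether the relay port is holding many half-open (SYN_RECV) connections or simply many completed ones. This sketch counts socket states for one local port from the Linux `/proc/net/tcp` format (IPv4 only); the port 9001 and the sample rows are constructed assumptions, not values from the thread.

```python
from collections import Counter

# TCP state codes used in the "st" column of /proc/net/tcp (Linux).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

def parse_ipv4(hex_addr):
    """Decode 'AABBCCDD:PPPP' (little-endian IPv4, hex port) to (ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return ".".join(octets), int(port_hex, 16)

def summarize(proc_net_tcp_text, local_port):
    """Count socket states and distinct half-open peers for one local port."""
    states, half_open_peers = Counter(), set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        _, lport = parse_ipv4(fields[1])
        if lport != local_port:
            continue
        state = TCP_STATES.get(fields[3].upper(), fields[3])
        states[state] += 1
        if state == "SYN_RECV":
            half_open_peers.add(parse_ipv4(fields[2])[0])
    return states, half_open_peers

# Constructed sample in /proc/net/tcp layout (trailing columns omitted);
# local port 9001 (0x2329) is an assumed relay port.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:2329 00000000:0000 0A 00000000:00000000
   1: 0A00000A:2329 0100A8C0:D431 01 00000000:00000000
   2: 0A00000A:2329 0200A8C0:C350 01 00000000:00000000
   3: 0A00000A:2329 0300A8C0:9C40 03 00000000:00000000
   4: 0A00000A:0016 0400A8C0:E2A1 01 00000000:00000000
"""

if __name__ == "__main__":
    try:
        text = open("/proc/net/tcp").read()   # live data on Linux
    except OSError:
        text = SAMPLE                          # fall back to the sample
    counts, peers = summarize(text, 9001)
    print(dict(counts), "half-open peers:", len(peers))
```

A relay that is merely busy shows mostly ESTABLISHED entries from many peers; a large and growing SYN_RECV count on the relay port is what a SYN flood against that port would look like.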