To try to get to the bottom of the recent influx of clients to the Tor network, it might be useful to compare load characteristics since 8/19 for nodes with different types of flags.
People with Munin setups: it would be especially useful if you could post links/graph images for connection counts, bandwidth, and CPU load since 8/19.
I'm particularly interested if people with just the Exit flag (w/o Guard) are seeing increased connection counts that aren't explained by uptime or ramp-up. So far the only datapoint I have for this is https://www.torservers.net/munin/torservers.net/psilotorlu.torservers.net/in... but it looks like that node just rebooted and possibly rekeyed, so it's connection increase could just be due to that.
It would also be interesting to see if Guard+Exits are seeing a greater increase in connection counts than just Guards.
I'm also wondering if any aspects of the load has any other relation to node flags.
On 08/31/2013 09:25 AM, Mike Perry wrote:
People with Munin setups: it would be especially useful if you could post links/graph images for connection counts, bandwidth, and CPU load since 8/19.
I have Munin data for three servers (each running two Tor instances): https://v-yu.com/servers/munin/network-month.html https://v-yu.com/servers/munin/system-month.html (the start of week 34 on the graphs corresponds to 8/18) (ignore aluminum---it is bandwidth capped and hibernating)
All are non-exit guards. Atlas: https://atlas.torproject.org/#search/reflex
One Tor instance each from zinc and silicon went down about a day ago when the servers ran out of memory (memory usage has been climbing with connection counts). The UDP connections in the graphs are unrelated to Tor---they are from NTP pool servers that I am running. I will probably be rebooting all servers soon.
Vincent
Am Freitag, 30. August 2013, 18:25:54 schrieb Mike Perry:
To try to get to the bottom of the recent influx of clients to the Tor network, it might be useful to compare load characteristics since 8/19 for nodes with different types of flags.
People with Munin setups: it would be especially useful if you could post links/graph images for connection counts, bandwidth, and CPU load since 8/19.
I'm particularly interested if people with just the Exit flag (w/o Guard) are seeing increased connection counts that aren't explained by uptime or ramp-up. So far the only datapoint I have for this is https://www.torservers.net/munin/torservers.net/psilotorlu.torservers.net/in dex.html#network but it looks like that node just rebooted and possibly rekeyed, so it's connection increase could just be due to that.
It would also be interesting to see if Guard+Exits are seeing a greater increase in connection counts than just Guards.
I'm also wondering if any aspects of the load has any other relation to node flags.
https://elrippoisland.net/public/load-month.png https://elrippoisland.net/public/fw_forwarded_local-month.png
On Fri, 30 Aug 2013 18:25:54 -0700 Mike Perry mikeperry@torproject.org allegedly wrote:
To try to get to the bottom of the recent influx of clients to the Tor network, it might be useful to compare load characteristics since 8/19 for nodes with different types of flags.
People with Munin setups: it would be especially useful if you could post links/graph images for connection counts, bandwidth, and CPU load since 8/19.
Here you go:
https://pipe.rlogin.net/munin/network-month.html
https://atlas.torproject.org/#details/C332113DF99E367E4190424CE825057D91337A...
Tor is running on bin.rlogin.net. I am currently seeing close to 6000 established connections (or three times normal mean) but actual traffic is only running slightly higher than normal. My vnstats for the last month are at https://baldric.net/2013/08/31/vnstat-on-my-tor-node/
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On Sat, 31 Aug 2013 18:30:41 +0100 mick mbm@rlogin.net allegedly wrote:
Here you go:
etc....
Ummmm. I've just had a (paranoid?) thought after reading the recent post from Gordon Morehouse about DDOS.
I don't normally expose those stats to the world. Indeed I'd guess a few other people who collect such stats don't either. Now, whilst these stats (along with those from others who respond) might help investigations of the impact of whatever is causing the recent uptick, we may also be giving valuable data to whoever is behind the attack (if we assume it is an attack).
As I said, probably paranoid, but if there /is/ a single actor behind this phenomenon then he or she might be delighted to be given such a collection of data points from the network.
Oh well.
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On 31.08.2013 21:07, mick wrote:
I don't normally expose those stats to the world. Indeed I'd guess a few other people who collect such stats don't either. Now, whilst these stats (along with those from others who respond) might help investigations of the impact of whatever is causing the recent uptick, we may also be giving valuable data to whoever is behind the attack (if we assume it is an attack).
I publish all our relay stats and I think that this is very helpful for research. Like so much in this universe, it can be used for good and evil. So far, nobody could tell me what evil exactly I am facing by publishing it, so I do.
https://www.torservers.net/munin/
Same for the configuration, including firewall rules and whatnot. I strongly believe in transparency.
tor-relays@lists.torproject.org
-
elrippo -
mick -
Mike Perry -
Moritz Bartl -
Vincent Yu