Hi all - I've been running a TOR non-exit relay for several months now. Its rare, but I'm seeing what I believe is the occasional connection attack, with my relay complaining about the number of connections and suggesting I reduce capacity. Those are rare, and most of the time my server is running at about 20% CPU. During attacks, which seem unrelated to my Tor Upload/Download rate, CPU jumps to well over 100% (quad core, so 400% is max).
I'd normally just ignore this, but it seems to be impacting other aspects of my network experience: Messenger Rooms will unexpected close, NetFlix gets "unable to stream this title", family complains about slow and dropped connections, etc. Just had it happen a few minutes ago with a Messenger Room and sure enough, CPU is at 130%, even though I'm only pumping about 15MB/Sec (37.5MB/S limit, 56.2 burst, 40.3 observered) over my gigabit ISP connection. Speedtest shows the performing within acceptable parameters.
So contemplating what I can do, since this is bothersome. I've come up with a few alternatives, and curious about your thoughts:
1) Do some type of connection limiting at my PFSense Plus firewall. Perhaps limiting things to, say, 30 connections per IP address? Not even sure that is possible, but figure it might lighten the load on the TOR server.
2) Drop being a TOR non-exit relay and convert to a bridge. Not sure how long, if ever, it would take for my IP address, which is now public, to fade off of block lists... Not ideal, but at least as a bridge I'd still be servicing the environment.
3) Try connection limiting via iptables on the TOR host. Just seems like doing that at the firewall would be better.
tor-relays mailing list