Hi there,
I just want to report two partially successful DoS attacks on my relay:
First attack:
Occurred yesterday. The tor process showed massive traffic, much more than my upload (45 Mbits) could handle.
I don’t know how this worked in detail, but I had receiving traffic at about 40Mbits and the relay tried to send about 100Mbits towards WAN.
Because I didn’t know if this was harmful traffic for the tor network, I finally pulled the plug and obtained a new IP after about 4 hours into the attack.
I had the feeling that for a short time there was still an unusual sending/receiving ratio, but it was all related to tor.exe and it stabilized soon after.
My guess is that a malformed packet was sent by tor, resulting in uncontrolled, unknown traffic to the WAN side.
The relay had 3 DDoS circuits killed, rejected circuits and introduce 2 at an abnormally high rate, and also like 117 marked addresses. It sent about 250GB more than it received.
The attack is also clearly visible in Tor Metrics; a massive spike in written bytes can be seen.
Fingerprint: 8AFE4E6F05234B0184327C052B09F10191EAFAF3
Second attack (today):
Today at about 2 p.m., the memory of the relay spiked to maximum (8GB) and additionally 22GB of virtual memory was used.
This caused the process to die with an out-of-memory error.
This also must have come from a malformed packet in tor.
Is there any known method to circumvent both of these issues?
In the first event, I don’t know if the error could have cleared itself after some more hours.
Regarding the memory issue, I think this must be resolved in the tor software itself, although I thought about adding 64GB of RAM and a 256GB page file, just to see if it makes any difference in case of attacks.
But I don’t think so.
Best regards,
Joker