Ok, i will reject this as a normal behavior of tor. My flags are actually:
HSDir, Running, V2Dir, Valid To point 2.: Nor, the adresses of the inbound traffic were from different adresses. I thought that it is not possible to force the traffic through a defined route because form my knowledge the route is build by the network. Sometimes I'm using my Tor Server as a Proxy for my local http traffic. I think this is the only case where i can force my route to use my server as a entry node. Is it possible to flood the tor port directly with for example syn floods? If yes; is there an iptables rule which will reduce the amount of connection kept in the syn state? My Tor Info: https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF520 Thanks for the reply > Hey bud, > Your adsl connection has a low advertised bandwidth, and doesn't make many > connections with regards to tor; thus, the CPU usage is correct. Look up > your server's fingerprint or nickname on Tor Globe to see how much of the > tor network travels through your server. > CPU load is usually associated with a lot of bandwidth or a inefficiency > in the server. I've heard that a 100mbit tor server using full 12.5MB/s > up/down will saturate the core dedicated to the Tor process; this is > presumably why a lot of servers run multiple Tor instances on different > cores and IP addresses. However, in your case, it is likely > The large amount of connections is generally caused by a few things: > 1. You've been running a very stable server for a long period of time and > have sufficient bandwidth to provide connectivity for a large number of > clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will > likely result in more connections. This is not likely with your server, > given your advertised bandwidth is only 68.44kb/s. > 2. A single client is using your server for a lot of connections. > 3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know > if any have been documented.) > 4. An attack against your server. This is very hard to do through the Tor > network; an attack against a Tor relay using Tor is an attack against all > Tor relays. HOWEVER, they could be attacking your port which you use to > host your tor server. > Just for reference, here's my tor stats: > Advertised B/W: ~4MB/s > Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1 > control) > Tor is averaging 9%-13% CPU usage; 198MB memory. > More info on my server: > https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B > https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B > I hope this answered your question, if not, send a reply and hopefully > I'll reply sometime. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
