I think you misinterpreted what I was saying or I didn't explain it well enough. Tor utilizing 100% CPU usage is only normal if you are pushing a LOT of bits. In this case, you probably have a system misconfiguration somewhere (nothing to do with Tor's configuration, torrc).
>"Nor, the adresses of the inbound traffic were from different adresses." Yes, that's expected. You're getting connections from the Tor network. >"I thought that it was not possible to force traffic through a specific predefined route in Tor" It isn't possible. I believe I said so, or implied it. The only way to do this would be through an attack on the Tor network in general. >"Is it possible to flood the tor port directly with for example syn floods?" Through the Tor network, no, that's impossible. TCP relies on a 3-way-handshake which means that every connection between relays will have to be complete; therefore, in order to connect to your relay, a complete connection will have to be made. I hope this makes sense, if not, I can elaborate a bit more. However, if someone has a hold of your IP, they can run a portscanner and then determine your relay port (which is on the internet for all to see.) Therefore, you can be attacked, but not through the Tor network. >"If yes; is there an iptables rule which will reduce the amount of connection kept in the syn state?" First of all, no. And second, that's not how you deal with a SYN flood. If that rule was implemented, it would just be easier to take your port offline. I highly doubt you are under attack. Almost certainly a misconfiguration of some sort. Have you tried the recommendations that others have given relating to your file descriptors? On Thu, Dec 4, 2014 at 1:40 AM, <webmas...@defcon-cc.dyndns.org> wrote: > Ok, > > i will reject this as a normal behavior of tor. My flags are actually: > > HSDir, Running, V2Dir, Valid > > To point 2.: Nor, the adresses of the inbound traffic were from different > adresses. > I thought that it is not possible to force the traffic through a defined > route because form > my knowledge the route is build by the network. Sometimes I'm using my Tor > Server as a Proxy for my local http traffic. I think this is the only case > where i can force my route to use my server as a entry node. > > Is it possible to flood the tor port directly with for example syn floods? > > If yes; is there an iptables rule which will reduce the amount of > connection kept in the syn state? > > My Tor Info: > > https://globe.torproject.org/#/relay/C54E81EB047D7EC1E05B0AC6E723BE1BF5CAF520 > > Thanks for the reply > > > > > Hey bud, > > Your adsl connection has a low advertised bandwidth, and doesn't make > many > > connections with regards to tor; thus, the CPU usage is correct. Look up > > your server's fingerprint or nickname on Tor Globe to see how much of the > > tor network travels through your server. > > CPU load is usually associated with a lot of bandwidth or a inefficiency > > in the server. I've heard that a 100mbit tor server using full 12.5MB/s > > up/down will saturate the core dedicated to the Tor process; this is > > presumably why a lot of servers run multiple Tor instances on different > > cores and IP addresses. However, in your case, it is likely > > The large amount of connections is generally caused by a few things: > > 1. You've been running a very stable server for a long period of time and > > have sufficient bandwidth to provide connectivity for a large number of > > clients; additional flags, such as Guard, HSDir, V2Dir, and Exit will > > likely result in more connections. This is not likely with your server, > > given your advertised bandwidth is only 68.44kb/s. > > 2. A single client is using your server for a lot of connections. > > 3. An anomaly/attack in the Tor network (somewhat unlikely, I don't know > > if any have been documented.) > > 4. An attack against your server. This is very hard to do through the Tor > > network; an attack against a Tor relay using Tor is an attack against all > > Tor relays. HOWEVER, they could be attacking your port which you use to > > host your tor server. > > Just for reference, here's my tor stats: > > Advertised B/W: ~4MB/s > > Connections (555 inbound, 5 outbound, 93 exit, 1 socks, 5 circuit, 1 > > control) > > Tor is averaging 9%-13% CPU usage; 198MB memory. > > More info on my server: > > > https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B > > > https://globe.torproject.org/#/relay/EF84089646304169F439A8F473742D74F027BA1B > > I hope this answered your question, if not, send a reply and hopefully > > I'll reply sometime. > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
