[tor-relays] Odd network activity

I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?

awffelwaffels via tor-relays:

> I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?

You could mail the bad-relays mailing list with your findings, so the bad-relays team can investigate further.

Sure, I mean it's bad traffic not bad relays but sure.

------- Original Message -------

On Thursday, March 3rd, 2022 at 10:10 PM, Georg Koppen <gk@torproject.org> wrote:

awffelwaffels via tor-relays:

> I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?

You could mail the bad-relays mailing list with your findings, so the bad-relays team can investigate further.

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi

[..]
ffelwaffels via tor-relays:

> I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?

[..]

Do you mean behavior like the following?

Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6
Cross-check: https://mcp.loki.tel/munin/par.exit.tor.loki.tel/12.par.exit.tor.loki.tel/tor_traffic.html

Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6
Cross-check: https://mcp.loki.tel/munin/vie.exit.tor.loki.tel/04.vie.exit.tor.loki.tel/tor_traffic.html

I am not sure about this either. But I can't confirm this increase in my Munin graphs or on the server itself.

--
Martin

Hello there.

> I see on every exit node I check on the metrics page, a massive bump
> in bandwidth used without a change in exit probability.

I just checked the metrics page for the relay I operate
(791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar
to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my
relay is not and has never been an exit relay. Also, it looks like the
data changed retroactively: I usually check the metrics about once a
day and I'm sure I would have noticed the peak of 26/02 the day after -
I mean, it is a more than x3 increment from the day before (that also
had the highest value ever until then).
Should I worry about that? And should I report my own relay to
the bad-relays mailing list?
Thanks for the help.

Eldalië

On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays <tor-relays@lists.torproject.org> wrote:

> I see on every exit node I check on the metrics page, a massive bump
> in bandwidth used without a change in exit probability. Is this
> perhaps an attacker squeezing the bandwidth of the network so people
> are more likely to use their malicious nodes?

--
Eldalië
My private key is attached. Please, use it and provide me yours!
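
A way to run the cross-check discussed in the two posts above (a published bump of more than 3x that local graphs do not show), as an added example that is not part of any message in the thread. It decodes a bandwidth history in the first / interval / factor / values layout used by Onionoo bandwidth documents and compares spike days with locally measured rates; the sample history, the local figures, the function names and the 3x threshold are assumptions constructed for illustration.

```python
import statistics
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like one Onionoo bandwidth graph-history object
# (first / interval / factor / values, null = no data). Not data from the thread.
PUBLISHED = {"first": "2022-02-22 12:00:00", "interval": 86400, "factor": 2000.0,
             "values": [300, 290, 310, 930, 999, 305, None, 298]}
# Constructed local daily averages in bytes/s, e.g. exported from Munin or vnstat.
LOCAL = {"2022-02-22": 605000, "2022-02-23": 575000, "2022-02-24": 630000,
         "2022-02-25": 640000, "2022-02-26": 615000, "2022-02-27": 600000}

def decode_history(hist):
    """Expand a graph-history object into [(ISO date, bytes/s or None), ...]."""
    start = datetime.strptime(hist["first"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    step = timedelta(seconds=hist["interval"])
    return [((start + i * step).date().isoformat(),
             None if v is None else v * hist["factor"])
            for i, v in enumerate(hist["values"])]

def find_spikes(series, ratio=3.0, window=7):
    """Days whose value exceeds ratio x the median of recent non-spike days."""
    baseline, spikes = [], []
    for day, bps in series:
        if bps is None:          # gap in the published data: skip, do not treat as zero
            continue
        if baseline:
            ref = statistics.median(baseline[-window:])
            if ref > 0 and bps > ratio * ref:
                spikes.append(day)   # keep spikes out of the baseline (multi-day bumps)
                continue
        baseline.append(bps)
    return spikes

def cross_check(spikes, local, ratio=3.0):
    """Label each published spike by whether local measurements show it too."""
    normal = [v for d, v in local.items() if d not in spikes]
    ref = statistics.median(normal) if normal else None
    verdicts = {}
    for day in spikes:
        if ref is None or day not in local:
            verdicts[day] = "unverified"
        elif local[day] > ratio * ref:
            verdicts[day] = "seen-locally"
        else:
            verdicts[day] = "metrics-only"
    return verdicts

if __name__ == "__main__":
    spikes = find_spikes(decode_history(PUBLISHED))
    print(cross_check(spikes, LOCAL))
```

A "metrics-only" verdict means the relay's own counters do not show the bump, which points at the published data rather than at traffic the relay actually carried.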


Eldalië via tor-relays:

> Hello there.
>
>> I see on every exit node I check on the metrics page, a massive bump
>> in bandwidth used without a change in exit probability.
>
> I just checked the metrics page for the relay I operate
> (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar
> to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my
> relay is not and has never been an exit relay. Also, it looks like the
> data changed retroactively: I usually check the metrics about once a
> day and I'm sure I would have noticed the peak of 26/02 the day after -
> I mean, it is a more than x3 increment from the day before (that also
> had the highest value ever until then).
> Should I worry about that? And should I report my own relay to
> the bad-relays mailing list?

No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See:

Graphs for multiple relays that have the same fingerprint (#40022) · Issues · The Tor Project / Network Health / Metrics / Onionoo · GitLab

for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it.

Georg


Hi,

This was a bug that was briefly introduced between yesterday afternoon and early morning today (UTC times). I have reverted the commit this morning around 5.00 AM (UTC) so you should start seeing your graphs back to normal.

Thanks for noticing and apologies for that.

Cheers,

-hiro


Thanks very much. The anomalous peaks disappeared for most of the days
indeed, it remained only for 26/02.

Eldalië

On Fri, 4 Mar 2022 07:26:26 +0000 Georg Koppen <gk@torproject.org> wrote:

Eldalië via tor-relays:
> Hello there.
>
>> I see on every exit node I check on the metrics page, a massive
>> bump in bandwidth used without a change in exit probability.
>
> I just checked the metrics page for the relay I operate
> (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump
> similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6.
> However, my relay is not and has never been an exit relay. Also, it
> looks like the data changed retroactively: I usually check the
> metrics about once a day and I'm sure I would have noticed the peak
> of 26/02 the day after - I mean, it is a more than x3 increment
> from the day before (that also had the highest value ever until
> then). Should I worry about that? And should I report my own relay
> to the bad-relays mailing list?

No, it's fine. I am not sure yet what the problem is but I suspect
it's a bug in one of our recent code changes. See:

Graphs for multiple relays that have the same fingerprint (#40022) · Issues · The Tor Project / Network Health / Metrics / Onionoo · GitLab

for more details. We've reverted that change for now and things
should normalize again assuming the traffic increase you see is
indeed related to it.

Georg


On 4/3/22 11:40, Eldalië via tor-relays wrote:

> Thanks very much. The anomalous peaks disappeared for most of the days
> indeed, it remained only for 26/02.

Yes, working to fix the bump for 26/02.

-hiro


Hi all,

I can now confirm the data has been restored and no relay or bridge should exhibit any bump in traffic due to this bug.

Cheers,

-hiro

On 4/3/22 15:11, Silvia/Hiro wrote:

On 4/3/22 11:40, Eldalië via tor-relays wrote:

> Thanks very much. The anomalous peaks disappeared for most of the days
> indeed, it remained only for 26/02.

Yes, working to fix the bump for 26/02.

-hiro
