Denial of service attack on middle relays

I run a cluster of four middle relays, 80 Mbps each on Frontier FiberOptic (ex-AT&T Fiber) in Stamford, CT (1 hour from NYC): https://metrics.torproject.org/rs.html#search/neeltorrelay

I believe middle relays like mine are facing a denial of service attack, presumably targeting onion services. Within minutes of starting my relay, it's running at 100% capacity. This isn't normal, since whenever I usually restart a relay, traffic levels go down considerably. My non-exit relays have the middle flag but not the guard flag.

I initially let the whole 500 Mbps connection be available to Tor but got numerous complaints from family members about "slow wifi" so I reduced it to ~320 Mbps total in order to not interfere with non-Tor traffic.

I use an HPE ProLiant ML110 Gen11 running Rocky Linux 9.4 using EPEL for Tor. My core router is a MikroTik CCR2004-16G-2S+ using a "bypass" setup to use my MT instead of Frontier's Arris router.

For other relay operators, is this an issue?

Edited by Neel Chauhan