<div dir="ltr"><div>Hello again,</div><div><br></div><div><br></div><div>indeed, the port 9050 is closed, but not filtered. I've set up a drop rule in the VPS firewall (Parallels Plesk Panel) on this port, but it's not working fine.</div>
<div><br></div><div>I am amazed by the amount of this kind of traffic, more than 700 packets/second. According to Kent Backman, this is the clickfraud net called "Rotpoi$on" (a lot of info at <a href="https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of-servers/">https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of-servers/</a>)</div>
<div><br></div><div>Maybe I'll be able to block all these incoming connections, but I'm afraid that overall relay performance will decrease drastically because of all the filtering work...</div><div>
<br></div><div><br></div><div>The relay--> Atlas: newTorThird : <a href="https://atlas.torproject.org/#details/ACED456D102F634F8DB3CBE8BC9A96F2569EC33C">https://atlas.torproject.org/#details/ACED456D102F634F8DB3CBE8BC9A96F2569EC33C</a></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/11/5 Paritesh Boyeyoko <span dir="ltr">&lt;<a href="mailto:parity.boy@gmail.com" target="_blank">parity.boy@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-family:'Ubuntu';font-size:9pt;font-weight:400;font-style:normal">
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">@jj tor</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">The fact that your relay is refusing connections says that the port isn't open, which is a good thing.</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">I suspect that persons unknown have port scanned your VPS, realised that you have Tor running (on standard ports) and are speculatively using a bot to (hopefully) connect to the SOCKS interface.</p>

<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">I would </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">a) move the Tor relay to non-standard ports</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">b) use iptables to drop all incoming connections apart from the (new) Tor ports and shell access.</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Best,</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">-- </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Parity</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><a href="mailto:parity.boy@gmail.com" target="_blank">parity.boy@gmail.com</a></p></div><br>_______________________________________________<br>

tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
<br></blockquote></div><br></div>
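<div>An added example, not part of either message in this thread: a shell function that prints an iptables-restore ruleset for the default-drop policy suggested in the quoted reply (accept only shell access and the relay's own ports, so that 9050 is silently dropped rather than refused). The function names are hypothetical and the ports 2222, 8443 and 8080 are constructed placeholders; it assumes the conntrack match is available on the host.</div>

```shell
#!/bin/sh
# Added example: prints a ruleset only; nothing is applied by this script.
# To apply (as root, IPv4 only): relay_ruleset 2222 8443 8080 | iptables-restore
# The ports above are constructed placeholders, not values from the thread.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = shell (SSH) port, $2 = Tor ORPort, $3 = Tor DirPort (optional)
relay_ruleset() {
    ssh_port=$1; or_port=$2; dir_port=${3:-}
    for p in "$ssh_port" "$or_port" ${dir_port:+"$dir_port"}; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Default policy DROP: anything not accepted below (9050 included)
    # gets no reply at all, so a scan sees "filtered", not "closed".
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $or_port -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ -n "$dir_port" ]; then
        echo "-A INPUT -p tcp --dport $dir_port -m conntrack --ctstate NEW -j ACCEPT"
    fi
    echo "COMMIT"
}
```

<div>Review the printed ruleset before piping it to iptables-restore, and keep an existing shell session open while applying it so a wrong SSH port does not lock you out.</div>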