[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

Hello all,

I've set up a tor exit relay (0.2.4.17-rc, debian testing) on a VPS, and it's running well (about 20Gbs/day).

But a lot of traffic (about 50%!) is using port 9050 for incoming connections. It's something more than random scans.

Because I am worried, I've run tcpdump on this port and the packets length is about 50-60 bytes long. It seems like DOS or flood traffic: external ip tries to connect and my server refuses (RST, ACK), each time.

My OR port is 9001, and, of course, SocksPort = 0 in my torrc.

Do you think something is wrong with my relay? Why that traffic if my only tor port is 9001? Should I block that traffic using iptables?