Toralf Förster via tor-relays:
On 10/22/25 6:52 AM, Tor at 1AEO via tor-relays wrote:
No other provider appears to exhibit these same issues with this traffic pattern.
I got 3 abuse complaints related to 64.65.0.0/24, 64.65.61.0/24 and 96.9.98.0/24 in the past couple of weeks.
Open to any guidance or suggestions on how best to mitigate this.
My personal solution attempt as of today is in [1]. For that I added EGRESS_SUBNET_SLEW="45.84.107.0 64.65.0.0/23 64.65.60.0/22 96.9.98.0 109.70.100 171.25.193.0 185.220.101.0 192.42.116.0" /opt/ torutils/ipv4-rules-egress.sh start
to the init script of a bare metal server hosting 5 Tor relays. After reboot it took about 10 min for the iptables stats to calm down [2].
Thanks. For those of you following along at home there is a related analysis ticket in our bug tracker[3] where this idea is investigated. There might be other stuff that could be tried as well. Thanks, Georg
[1] https://github.com/toralf/torutils/blob/main/ipv4-rules-egress.sh [2] https://0x0.st/K2C0.txt
[3] https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/105