Hello again,

indeed, the port 9050 is closed, but not filtered. I've set up a drop rule in the VPS firewall( Parallels Plesk Panel) on this port, but it's not working fine.

I am amazed by all the amount of this kind of traffic, more than 700 packets/second. According to Kent Backman, this is the clickfraud net called "Rotpoi$on" (a lot of info at https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of

-servers/)

Maybe I'll be able to block all these incoming connections, but I'm afraid that overall relay performance will decrease drastically because all the filtering work...

The relay--> Atlas: newTorThird : https://atlas.torproject.org/#details/ACED456D102F634F8DB3CBE8BC9A96F2569EC33C

2013/11/5 Paritesh Boyeyoko <parity.boy@gmail.com>

@jj tor

The fact that your relay is refusing connections says that the port isn't open, which is a good thing.

I suspect that persons unknown have port scanned your VPS, realised that you have Tor running (on standard ports) and is speculatively using a bot to (hopefully) connect to the SOCKS interface.

I would

a) move the Tor relay to non-standard ports

b) use iptables to drop all incoming connections apart from the (new) Tor ports and shell access.

Best,

--

Parity

parity.boy@gmail.com

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays