Hi,
On 5 Sep 2019, at 03:54, potlatch potlatch@protonmail.com wrote:
I had TorExitFin [0] down for a few days hoping the non-Tor Iranian intruders would wander off. I restarted it today and before NYX could come up there were 257 Iranian IPs present (nicely automated!). The IP addresses range over all of the IP addresses allotted to Iran so their usage must come from a high authority to get that kind of access. NYX communications page showed that none of these had hashed fingerprints. At the same time 3 IPs came up from other countries with fingerprints. Should I leave this shut down for the security of the network? -potlatch [0] 9B31F1F1C1554F9FFB3455911F82E818EF7C7883
It's not an attack.
It looks like a bad interaction between tor and Iran's censorship. Or genuine usage of tor by an app or a whole bunch of users.
See this ticket for more details: https://trac.torproject.org/projects/tor/ticket/30636
You should do whatever you need to do to keep your relay running. If you can, accept the traffic, rate-limit the traffic, or drop the traffic (without replying at all).
We're working on a fix on the tor side.
T