As the operator of family 7EAAC49A7840D33B62FA276429F3B03C92AA9327, we experienced a router update and restart. We’ve seen similar network disruptions before — BGP drops, switch failures, etc. — causing comparable issues at Hetzner. This isn’t the first incident and likely won’t be the last.

A few additional notes:

- Hetzner flags this type of Tor relay traffic as “port scanning,” sending automated emails to its customers — though we’ve never received one directly.
- These emails suggest Hetzner monitors flow-level data (e.g., NetFlow), which raises concerns about potential exposure of Tor traffic characteristics.
- Hetzner also carries a disproportionate share of Tor traffic, currently #2 by consensus weight (~10%). See: https://1aeo.com/metrics/misc/networks-by-bandwidth.html and https://1aeo.com/metrics/as/AS24940/.

No other provider appears to exhibit these same issues with this traffic pattern.

Open to any guidance or suggestions on how best to mitigate this.

On Tuesday, October 14th, 2025 at 11:30 PM, Dimitris T. via tor-relays <tor-relays@lists.torproject.org> wrote:
Hey all,
got an abuse report today from Hetzner concerning one middle relay we're running there.
allegedly, our relay has been port scanning (port 443 only) some members of https://metrics.torproject.org/rs.html#search/family:7EAAC49A7840D33B62FA276...
(just from family relays in 96.9.98.0/24 range, all using ORPort 443)
anyone else got similar abuse reports? or someone here from this relay family, that can clear things out with this isp?
thinking of replying to hetzner accordingly, let them know (with metrics link), that these are tor relays with 443 port open/accepting our middle relay connections, not port scans...
best,
d.