After reading this post https://lists.torproject.org/pipermail/tor-relays/2018-May/015277.html I started looking into what is happening on the dir port on my relay (855BC2DABE24C861CD887DB9B2E950424B49FC34).
The bandwidth ratio of dir/or traffic is around 3% to 4%. Not excessive according to the linked post.
Looking at the conntrack table I see many IP addresses (usually from Ukraine or Russia) with 100+ connections. Atm there are around 10 IP addresses with 100+ connections and around 30 with 10+ connections. None of the IP addresses I've looked at are Tor relays.
Some questions: Is this expected behaviour against a fallbackdir-flagged relay? Does the DoS prevention implemented recently address abuse against the dir port? I read that newer Tor clients don't use the dir port. Correct? Do Tor relays use the dir port? Can I remove the dir port from my relay without reducing my relay's usability to the network?
Thank you for any answers.