Hi All
I have been running a tor relay for about a year and according to my munin graph It normally receives, on average, just under 2,000 incoming tcp connections on port 443 every 5 minutes.
In the last few days that figure has increased to about 10,000 and spiked to about 19,000 incoming requests every 5 minutes.
First thought was DDOS but traffic is not high enough to cause any problems.
I did some digging and in a 5 minute period received the following requests to the port tor is listening on (number of requests and source ip address)
2722 SRC=107.167.22.79
1355 SRC=107.167.22.90
1334 SRC=104.37.244.131
1237 SRC=213.251.185.14
604 SRC=188.247.130.32
13 DST=178.200.216.58
7 SRC=92.63.110.232
6 SRC=5.196.8.208
6 SRC=200.76.82.231
6 DST=93.158.248.243
This is only the top 10 source ip addresses. I had a look and none of the top few seem to be tor relays.
Just wondering if others are seeing a large number of requests from the above ip addresses or if it's just me. If it is just me then I can easily just block these ip addresses.